SlashNext: Credential Phishing Attacks Soar in Second Half of 2024

Credential phishing attacks skyrocketed more than 700% during the second half of 2024, according to a new report by SlashNext.

Spanning billions of analyzed threats across email and mobile channels, the report examines the rapidly evolving phishing landscape and the vectors most exploited by cybercriminals in the past year.

The spike in credential phishing attacks signals a sharp escalation in the use of sophisticated phishing kits and social engineering tactics. In credential phishing attacks, hackers try to steal credentials by pretending to be a trusted party in an email or other communication channel.

Other key findings in the SlashNext report include:

Related:CrowdStrike Hits $1 Billion Milestone via SHI Partnership

Phishing Attacks Shifting

Stephen Kowski, field CTO at SlashNext, said the most surprising finding is the shift from traditional business email compromise (BEC) to sophisticated malicious links powered by AI and hosted on trusted cloud infrastructure.

“The focus on social engineering has overshadowed this evolving threat vector that poses significant risks,” he said. “The innovation in previously overlooked attack methods demonstrates how threat actors are becoming more creative and effective.”

Organizations are making risky trade-offs by relying on basic security tools and default email protection instead of investing in comprehensive security solutions, Kowski said.

“Many companies mistakenly believe their existing email security is sufficient until they experience a significant breach,” he said. “A multilayered approach with real-time link analysis and AI-powered detection is essential in today’s threat environment.”

The threat landscape will intensify significantly in 2025 with faster, more sophisticated attacks leveraging both new and reinvented techniques, Kowski said.

“Attackers will continue exploiting trusted platforms and using AI to create more convincing phishing campaigns at unprecedented scale,” he said. “The combination of speed, creativity and automation will make these threats particularly challenging.”

Related:Dashlane Launches Reseller Partner Program

Big Opportunity for Partners

Security partners have a big opportunity to deliver innovative solutions that address modern phishing tactics, but they must evolve beyond traditional approaches, Kowski said.

“Partners need to focus on continuous innovation rather than just maintaining existing security stacks,” he said. “Success requires helping customers implement advanced threat detection capabilities that can identify and block sophisticated phishing attempts in real time.”

Nicole Carignan, vice president of strategic cyber AI at Darktrace, said despite increased focus on email security, organizations and their employees continue to be plagued by successful phishing attempts.

Darktrace's Nicole Carignan

“As sophistication of phishing attacks continues to grow, organizations cannot rely on employees to be the last line of defense against these attacks,” she said. “Instead, organizations must use machine learning (ML)-powered tools that can understand how their employees interact with their inboxes and build a profile of what activity is normal for users, including their relationships, tone and sentiment, content, when and how they follow or share links, etc. Only then can they accurately recognize suspicious activity that may indicate an attack or BEC.”

Related:$50 Million Keepit Funding Round to Strengthen Channel

Threat Actors Adapt, Evolve

While email has long been the vector of choice for carrying out phishing attacks, threat actors continue to adapt and evolve their tactics to increase success of these attacks, Carignan said.

“We know that as we innovate, so will threat actors to find new and novel ways to launch malicious campaigns,” she said. “For example, we’ve seen a rise in the abuse of commonly used services and platforms, including Microsoft Teams and Dropbox, for phishing campaigns in 2024. A proactive security stance, which monitors anomalous activity patterns and privileged access paths is essential to stay ahead of these kinds of attacks. Consistent governance spanning all technology portfolios is now table stakes for cyber resilience. We also have observed a rise of cross-domain attacks making visibility, event correlation, detection and response across multiple domains critical.”