Thursday, March 20, 2025

Key Takeaways from the KnowBe4 2025 Phishing Threat Trends Report


Ransomware Strains Almost Double

Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques.

Ransomware may be an “old” threat, but new tactics are making people more susceptible than ever. In this edition, we break down a highly advanced attack detected by KnowBe4 Defend that bypassed native security and a secure email gateway (SEG), and would have been almost impossible to stop if launched. We also examine how cybercriminals are using AI for polymorphic phishing, infiltrating the hiring process, and evading traditional security defenses.

Unless otherwise cited, all statistics in the report were generated using data from KnowBe4 Defend, our integrated cloud email security (ICES) solution that detects the full spectrum of advanced phishing attacks.

A Spike in Phishing
Between September 15, 2024 and February 14, 2025, there was a 17.3% increase in phishing emails compared to the previous six-month period. 57.9% of these were sent from compromised accounts, and 11.4% of those from compromised accounts were sent from within the organization’s supply chain. A quarter (25.9%) of the attacks contained an attachment, one-fifth (20%) relied solely on social engineering techniques and over half (54.9%) contained a phishing link payload.

AI-Polymorphic Phishing Campaigns
Polymorphic phishing attacks are being deployed at an unprecedented scale, making detection and remediation increasingly difficult. AI has enabled cybercriminals to execute these campaigns more efficiently, producing subtle variations that bypass traditional security measures like blocklists, secure email gateways (SEGs), and native security tools. In 2024, at least one polymorphic feature was present in 76.4% of all phishing attacks and in 57.49% of commodity attacks (white noise phishing).

Ransomware is Once Again on the Rise
Ransomware payloads in phishing attacks have surged, with a 22.6% increase from September 15, 2024, to February 15, 2025, compared to the previous six months. This trend is accelerating, with a 57.5% spike between November 1, 2024, and February 15, 2025, versus the prior three months. This report analyzes a sophisticated INC Ransom payload detected by KnowBe4 Defend, which employs advanced techniques, including sophisticated obfuscation to conceal the malicious payload, to make it almost impossible to detect using anti-virus software and then to stop it if it were launched.

Cybercriminals are Hijacking the Hiring Process
KnowBe4’s threat intelligence team examined over 500 hiring-based attacks, finding that engineering roles were disproportionately targeted, accounting for 64% of incidents, followed by finance (12%), HR (10%), IT (10%), product (2%) and other roles (4%). Cybercriminals focus on software engineers because of their high job mobility and privileged access to critical systems and data, often without in-person verification, making them prime targets for credential theft and network infiltration.

Bypassing Secure Email Gateways (SEGs)
As many organizations depend on SEG technology to filter out threats, cybercriminals continuously refine their tactics, investing time and resources into developing sophisticated attacks designed to evade detection and infiltrate corporate networks.

Between September 15, 2024 and February 14, 2025, three payload types experienced a significant increase in bypassing Microsoft and SEG detection compared to the previous six-month period. These include phishing links (36.8% increase), malware (20.0% increase) and social engineering only (14.2% increase). Three of the top seven legitimate domains we observed cybercriminals hijacking to bypass traditional technologies included google.com, sharepoint.com and dropbox.com. Finally, there was a 22.7% increase in the use of technical measures to obfuscate attacks and payloads, such as image-based payloads, invisible characters and left-to-right override.

To find out more about the latest Phishing Threat Trends, read the full report here.


