Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques.
Ransomware may be an “old” threat, but new tactics are making people more susceptible than ever. In this edition, we break down a highly advanced attack detected by KnowBe4 Defend that bypassed native security and a secure email gateway (SEG)—and would have been nearly impossible to stop if launched. We also examine how cybercriminals are using AI for polymorphic phishing, infiltrating the hiring process, and evading traditional security defenses.
Unless otherwise cited, all statistics in the report were generated using data from KnowBe4 Defend, our integrated cloud email security (ICES) solution that detects the full spectrum of advanced phishing attacks.
A Spike in Phishing
Between September 15, 2024 and February 14, 2025, there was a 17.3% increase in phishing emails compared to the previous six-month period. 57.9% of these were sent from compromised accounts, and 11.4% of those from compromised accounts were sent from within the organization’s supply chain. A quarter (25.9%) of the attacks contained an attachment, one-fifth (20%) relied solely on social engineering techniques and over half (54.9%) contained a phishing link payload.
AI-Polymorphic Phishing Campaigns
Polymorphic phishing attacks are being deployed at an unprecedented scale, making detection and remediation increasingly difficult. AI has enabled cybercriminals to execute these campaigns more efficiently, producing subtle variations that bypass traditional security measures like blocklists, secure email gateways (SEGs), and native security tools. In 2024, at least one polymorphic feature was present in 76.4% of all phishing attacks and in 57.49% of commodity attacks (white noise phishing).
Ransomware is Once Again on the Rise
Ransomware payloads in phishing attacks have surged, with a 22.6% increase from September 15, 2024, to February 15, 2025, compared to the previous six months. This trend is accelerating, with a 57.5% spike between November 1, 2024, and February 15, 2025, versus the prior three months. This report analyzes a sophisticated INC Ransom payload detected by KnowBe4 Defend, which employs advanced techniques, including sophisticated obfuscation to conceal the malicious payload, to make it virtually impossible to detect using anti-virus software and then stop it if it had been launched.
Cybercriminals are Hijacking the Hiring Process
KnowBe4’s threat intelligence team examined over 500 hiring-based attacks, finding that engineering roles were disproportionately targeted, accounting for 64% of incidents, followed by finance (12%), HR (10%), IT (10%), product (2%) and other roles (4%). Cybercriminals focus on software engineers due to their high job mobility and privileged access to critical systems and data—often without in-person verification—making them prime targets for credential theft and network infiltration.
Bypassing Secure Email Gateways (SEGs)
As many organizations depend on SEG technology to filter out threats, cybercriminals continuously refine their tactics, investing time and resources into developing sophisticated attacks designed to evade detection and infiltrate corporate networks.
Between September 15, 2024 and February 14, 2025, three payload types experienced a significant increase in bypassing Microsoft and SEG detection compared to the previous six-month period. These include phishing links (36.8% increase), malware (20.0% increase) and social engineering only (14.2% increase). Three of the top seven legitimate domains we observed cybercriminals hijacking to bypass traditional technologies included google.com, sharepoint.com and dropbox.com. Finally, there was a 22.7% increase in the use of technical measures to obfuscate attacks and payloads such as image-based payloads, invisible characters and left-to-right override.
To find out more about the latest Phishing Threat Trends, read the full report here.