SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

AI-driven phishing attacks outpace legacy email security filters

Yesterday

A report published by Cofense examines the growth of artificial intelligence (AI) in phishing attacks and the resultant challenges for traditional email security.

According to the report, titled The Rise of AI – A New Era of Phishing Threats, the Cofense Phishing Defense Center tracked one malicious email bypassing traditional defences every 42 seconds in 2024. These emails were often linked to polymorphic phishing attacks, which change in real time in an attempt to evade detection by standard filtering technology.

The research found significant changes in attacker tactics attributed to AI. Attackers have increasingly automated the development of malware, extended attacks across various industries, and generated more personalised phishing content. These adaptations have allowed threats to bypass standard email security tools and highlighted what the report describes as the insufficiency of perimeter-only defences.

Josh Bartolomie, Chief Security Officer at Cofense, said, "Phishing threats have reached a critical turning point, AI-driven attacks are now slipping past traditional perimeter defenses, exposing the limits of legacy email filters. Attackers are leveraging AI to generate realistic lures at scale, harvest public data to fine-tune their approach, and continuously evolve campaigns mid-stream. The speed and sophistication we're seeing demands a new mindset around email security—one that goes beyond filters to focus on visibility, validation, and rapid, human-informed response."

Polymorphic attacks, which adapt key details such as subject lines, sender identities, and content, are creating what analysts describe as an unprecedented challenge for defenders. Cofense notes that these tactics now require security teams to combine expert-supervised AI with behavioural context analysis, offering greater accuracy in identifying threats that evade legacy filters.

The report also identifies a notable rise in business email compromise (BEC). Attackers have begun using AI tools to impersonate executives, replicate authentic email threads, and reference genuine business processes such as payment approvals. These messages are often sent from domains that closely resemble legitimate addresses such as "@consultant.com". The use of AI also reduces common indicators of phishing, such as poor grammar or inconsistent formatting, complicating detection by human recipients.

The report highlights five principal trends shaping the current phishing landscape. Firstly, over 40% of malware detected in 2024 was newly identified, with nearly half classified as Remote Access Trojans (RATs). RATs provide persistent access for attackers and indicate a shift towards more sophisticated, multipurpose threats.

Secondly, attackers are now using AI to develop phishing messages that closely mimic internal company communications, demonstrating improved grammar and tone. Cofense's systems detected and grouped these emails using a combination of expert oversight and real-time input from users.

A third trend is the 70% year-over-year increase in email-based scams, associated with AI-driven automation of targeted lures, inbound message spoofing, and the use of subtle text variations to evade spam filters.

The fourth area of concern is the continued effectiveness of polymorphic campaigns. These campaigns continuously alter email elements to bypass perimeter security, prompting the report's recommendation for enhanced post-delivery monitoring and rapid incident response.

The fifth trend is an expansion in attacker strategies. Tax-related scams increased by 340%, and cases involving the misuse of legitimate files to deliver malware rose by 575%. Additionally, incidents of Microsoft-related email spoofing increased by 156%, indicating attackers' efforts to diversify their tactics and reduce the effectiveness of pattern-based blocking approaches.

The report is based on intelligence collected by the Cofense Phishing Defense Center during 2024 and incorporates data from millions of real-world phishing threats reported by over 35 million trained users worldwide.

Cofense has indicated that it will remain focused on providing defences that go beyond filtering, blending AI oversight, human intelligence, and post-delivery detection measures to support organisations in countering these threats.
