The Rise of AI Powered Phishing
Cybercriminals are now leveraging artificial intelligence to craft highly personalized email attacks that bypass traditional spam filters and security tools. These AI generated messages mimic the writing style and context of trusted contacts, making them extremely difficult for employees to identify as malicious. Unlike generic phishing campaigns of the past, these targeted attacks exploit specific organizational relationships and ongoing projects, significantly increasing their success rate.
Advanced Kits Bypassing Multi Factor Authentication
A new phishing toolkit named Astaroth is enabling attackers to bypass two factor authentication through real time session hijacking. The kit operates as a man in the middle proxy between the user and legitimate services like Gmail or Microsoft 365. It captures login credentials, session tokens, and cookies in real time, allowing the attacker to maintain access even after a user enters a valid one time passcode.
Financial and Healthcare Sectors Most Exposed
Financial institutions and healthcare organizations are feeling the greatest impact from these evolving threats. A Florida healthcare firm recently reported a breach affecting nearly 150,000 patients after a single phishing email compromised an employee account for just one hour. Meanwhile, banks are struggling to protect customers from account takeover and payment fraud as SMS based one time passcodes become increasingly unreliable against these sophisticated attacks.
Source: Healthcareinfosecurity
