The evolution of phishing: vishing & quishing

Posted by

In its early stages, phishing attacks were often very simplistic and relied on impersonating reputable sources via written communication, i.e. emails and letters, to gain access to sensitive data, now adversaries have adapted their techniques in the wake of the AI evolution. With the growing popularity of GenAI tools, voice-based phishing attacks – also known as ‘vishing’ – have become the new norm and organizations have to combat this evolution by modernizing their IT security.

Phishing as the reconnaissance phase of a bigger attack

We have to look at the anatomy of an attack to understand the role that phishing is playing in the malware industry. While ransomware typically gets all the headlines once intruders are able to monetize their efforts after successfully delivering the payload at the end of an infection cycle, there is less coverage on the overall infection cycle, which often starts with something as simple as phishing. The reconnaissance phase at the beginning of an attack plays an even more important role in the defense strategy.