The four avenues are nothing new by now, but the approach is being made more versatile and less susceptible to language barriers and common ways of detection:

    • Online ads as an attack vector: Threat actors have been using search engine ads as phishing distribution vectors to lure unsuspecting victims to malicious websites impersonating large financial institutions in the United States, United Kingdom, and Eastern Europe.
    • AI makes cybercriminals more productive, adaptable: While AI does not fundamentally change the way threat actors levy attacks, security teams should be aware of how their adversaries are using it to streamline their workflow and make brand abuse easier.
    • Exploiting email technology: Many organizations are not enabling all key components that secure the authenticity and integrity of the messages, which could leave them susceptible to email-based threats.
    • Can any organization patch up fast enough? Attackers have been exploiting new vulnerabilities faster, prompting a high-stakes race between threat actors and defenders after a public vulnerability disclosure.