KnowBe4’s 2025 Phishing Threat Trends Report Volume Six reveals traditional defenses bypassed, increase in vishing usage and retail brands breached
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human and AI agent risk management, today announced new research from its 2025 Phishing Threat Trends Report Vol. Six, which finds fundamental shifts in cybersecurity attacker tactics, prompting a significant increase in phishing attack volume from compromised accounts.
“As cybercriminals bypass technical defenses using techniques such as hijacking legitimate platforms and manipulating victims through a variety of sophisticated social engineering methods, organizations need to prioritize workforce trust management,” said Jack Chapman, SVP threat intelligence, KnowBe4. “The findings from this report revealed that attackers demonstrated clear seasonal targeting throughout 2025, exploiting HR topics in January, Valentine’s promotions in February, tax deadlines in April, and major events like the U.S. Open. As more attacks find their way through traditional email security defenses, it is critical that organizations evolve their tech stack to implement AI-driven detection that works within a holistic human risk management (HRM) ecosystem.”
Key findings from the report include:
- Scattered Spider Destruction: The cybercriminal gang Scattered Spider breached multiple high-profile retailers in 2025, including M&S, Co-Op, Harrods and others, causing hundreds of millions in damages and losses. These breaches spawned secondary phishing campaigns targeting customers, with attackers impersonating the compromised brands to harvest credentials. Scattered Spider’s signature tactics (sophisticated social engineering, vishing, MFA bombing and credential harvesting) target both the technical and human layers as part of their attack methodology.
- Voice Phishing Surge: Phone-based vishing attacks increased 449% compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails. Researchers discovered that 77% of callback numbers used AI-generated voices, while 69% of vishing attacks were financially motivated, requesting bank detail changes, fraudulent refunds or transfers.
- Legitimate Platform Hijacking: Perhaps most concerning, cybercriminals increased their abuse of legitimate platforms like QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date. These attacks pass DMARC authentication 100% of the time and often bypass traditional defenses because they originate from trusted domains.
