Although the number of phishing websites blocked by CyberShield (CyberTarcza) dropped from 360,000 in 2023 to 305,000 in 2024, phishing continues to be the most common form of cyberattack. Experts warn that this trend is likely to persist in the coming years, largely due to the growing role of artificial intelligence (AI), which makes identity spoofing easier for cybercriminals. While CyberShield—operating within Orange Polska’s network—provides robust protection for internet users, the human factor remains the weakest link.
“Last year was clearly dominated by phishing,” said Robert Grabowski from CERT Orange Polska in an interview with Newseria. “Fake investment scams and phishing campaigns spread through social media were particularly prevalent. These platforms are flooded with thousands of malicious ads designed to deceive users. Ransomware and malware infections are also still widespread, with tens of thousands of users affected. Meanwhile, DDoS attacks have nearly doubled in volume year-over-year.”
Phishing is a type of cybercrime that uses social engineering techniques to trick victims into revealing confidential information or performing specific actions. This is often done via fake emails or messages that appear to come from legitimate sources. Smishing, a variant of phishing, involves SMS or messaging apps like WhatsApp.
According to CERT Orange Polska’s latest report, CyberShield blocked 305,000 phishing domains in 2024 and protected 4.85 million people from data theft or financial loss. Phishing accounted for 45% of all incidents handled by CERT Orange Polska last year.
The report highlights that many malware infections in 2024 involved the Lumma Stealer—a data theft tool available via subscription to cybercriminals. Stolen data is often sold in bulk to other attackers, pointing to the growing specialization of cybercrime groups.
“There are ‘initial access brokers’ who only sell access to systems, groups that focus on data exfiltration, and others that handle encryption,” Grabowski explains. “This modularity makes attacks harder to counter. With phishing, we see constant evolution in both social engineering tactics and the use of AI tools to register hundreds or thousands of domains that evade detection and modify messages to bypass filters.”
To combat these threats, Orange Polska launched CyberShield a decade ago. The system identifies and blocks malicious websites, SMS links, and email scams, significantly reducing the risk of data or financial loss. However, individual awareness remains critical.
“The key is to pause and think. Don’t click on every link without thinking. Especially on mobile devices, where malicious URLs are often hidden. Even if the message seems relevant—like a package delivery or streaming subscription—go to the official website through your bookmarks or by typing the address manually to verify,” Grabowski advises.
Malware continues to be a major threat, accounting for 14% of incidents reported to CERT Orange Polska in 2024. The Agent Tesla trojan was especially active, responsible for 10% of all attacks. It’s a remote access tool (RAT) that steals login credentials and session keys. Cybercriminals often distribute it through malicious attachments in emails disguised as coming from trusted companies.
“Always inspect attachments for unusual file extensions. If you’re unsure, consult someone or report it to CERT Orange Polska to assess the threat,” Grabowski adds. “In companies, it’s critical to follow basic cybersecurity principles and consider the risks of new technologies, including AI.”
Experts predict that generative AI will be the most rapidly growing tool used in cybercrime over the next few years. The CERT report warns that AI will be increasingly used to manipulate public opinion and achieve geopolitical goals.
“Cryptocurrency exchanges remain attractive targets. Attacks will continue, especially the theft of private wallet keys. The market for vulnerabilities is still strong, and new zero-day exploits are being discovered regularly. These are especially dangerous because they give attackers backdoor access to company systems,” Grabowski warns.
Any suspicious messages, attachments, or SMS can be reported to CERT Orange Polska. Users can forward them to the number 508 700 900 or submit a report via the CERT Orange Polska website, where analysts will assess each case for malicious activity.
