In the first half of 2024, the cyber attacks targeting employees increased by 24% per user. Security leaders should be concerned not only about the scale of these attacks but also about the widespread adoption of advanced and evasive tactics. Perception Point’s H1 2024 Cybersecurity Trends & Insights report dives into these developments, focusing on attacks targeting modern workspace, including email, browsers, and cloud collaboration tools like Microsoft 365, Salesforce, and Zendesk.
Using data from our multi-layer AI-powered threat prevention platform and managed Incident Response services, we also predict emerging threats and the strategies needed to counter them in the coming months.
What We Learned in H1 2024
1. Surge in Social Engineering Attacks
BEC attacks and its subset VEC have escalated dramatically in H1 2024, with BEC attacks increasing by 42% and VEC attacks by 66%. Cybercriminals are continuing to leverage AI-based tools to launch more effective social engineering based attacks that easily bypass traditional security defenses.
Read “Decoding BEC in the Age of ChatGPT” and “Preventing Vendor Email Compromise” for more information on these emerging threats.
2. Persistent Phishing Threats
Phishing continues to be a persistent leading threat vector, accounting for 74% of all email attacks in H1 2024. A particularly concerning development is the rise of multi-step phishing attacks, which saw a 175% increase in 2023. These evasive attacks avoid detection by disguising malicious links behind legitimate services like Canva or Office Forms. Towards the end of H1, an alarming trend emerged. Threat actors began exploiting URL rewriting features designed to prevent phishing threats. By manipulating these rewritten URLs, attackers mask highly evasive phishing links behind trusted domains of security vendors, effectively bypassing detection.
3. Browser-Based Attack Growth
The browser is the most used enterprise app in modern workspaces, making it a prime target for cyber threats. In H1 2024, phishing dominated these threats, accounting for 89% of browser-based attacks, up from 82% in H1 2023. These attacks often use deceptive tactics, such as malicious websites and brand impersonation, to steal sensitive information. Malware attacks decreased to 9% in H1 2024, down from 12% the previous year. Advanced attacks also declined, accounting for 2% of threats in H1 2024, down from 5% in H1 2023. These sophisticated attacks target specific browser vulnerabilities to compromise user data.
Learn more about Perception Point’s Advanced Browser Security, a seamless browser extension that dynamically scans within the user’s browser environment.
4. Cloud Collaboration Platforms Under Fire
Cloud-based collaboration tools, essential for modern business operations, have increasingly become prime targets for cyber attackers. As these tools play a critical role in workspace productivity, their security is paramount. In H1 2024, malware was the most significant threat to Microsoft 365, making up 68% of all incidents, due to the interconnected nature of its apps, which allows attackers to move laterally across systems. Salesforce and Zendesk also saw a surge in phishing attacks, accounting for 65% and 66% of threats, respectively. The complexity of these platforms, including multiple environments in Salesforce and the expanded attack surface in Zendesk, highlights the limitations of their native security features and underscores the need for advanced protection strategies to safeguard sensitive data and operations across all channels.
Check out the following case studies to see how Perception Point effectively protects Microsoft 365, Salesforce and Zendesk.
H2 2024: What’s on the Horizon?
As we look ahead to the remainder of 2024, phishing is expected to remain the most dominant cyber threat, likely accounting for nearly three-quarters of all attacks. Despite some fluctuations, phishing’s persistent presence underscores the need for strong detection and prevention strategies. At the same time, BEC and VEC attacks are increasingly replacing traditional malware as attackers shift toward exploiting human vulnerabilities. Though advanced attacks are less frequent, their potential for significant damage means organizations must stay vigilant, employing sophisticated detection and response strategies to protect critical assets.
For a deeper dive into the cybersecurity trends shaping 2024, get your copy of the full H1 report now. Discover the insights you need to stay ahead of emerging threats and protect your organization effectively. Download the full report here!