This past year has been defined by unprecedented advancements in technology, particularly the widespread usability of generative AI (GenAI). As this powerful tool becomes increasingly accessible, cybercriminals have capitalized on its capabilities to orchestrate more intricate and deceptive attacks. Notably, Business Email Compromise (BEC) attacks enhanced by GenAI have surged by a staggering 1,760% since 2022, showcasing the disruptive potential of GenAI in the hands of malicious actors.
Simultaneously, organizations have expanded their workspace technologies, integrating additional web-based productivity tools and SaaS applications making the browser the most used enterprise application. However, this expansion has not gone unnoticed by cyber attackers, who have adopted increasingly sophisticated evasion techniques to exploit vulnerabilities in these digital ecosystems. Not only has the urgency for advanced email security solutions become more clear with one in every five emails found to be illegitimate and phishing attacks comprising over 70% of all threats, but the need for securing the browser and addressing data loss and browser governance is also taking precedence.
In this blog we review some of the key takeaways from Perception Point’s “2024 Annual Report: Cybersecurity Trends & Insights,” which highlights the cyber trends that shaped 2023. Drawing from data collected by our Advanced Threat Detection platform, analyzed by the security experts from our Incident Response team, the report provides a holistic understanding of the threat climate in 2023.
Adapting to the Modern Workspace
The modern workspace has undergone a transformation in 2023. Users now use a collection of digital tools to collaborate, communicate, and work more efficiently and effectively.
This dynamic shift in working offers both convenience and vulnerability. Threat actors have adapted to the modern workspace, meeting users where they work, whether that is via email, in the browser or cloud collaboration applications.
Perception Point’s 2024 annual report found that phishing attacks via the web browser increased from 60% in 2022 to nearly 80% in 2023.
In addition, 65% of the attacks targeting Microsoft 365 applications (OneDrive, SharePoint, Teams) were malware. Similarly, CRMs like Zendesk and Salesforce also saw high rates of malware at 48% and 59% of total attacks, respectively.
These statistics indicate a shift, as organizations adopt more cloud-based collaboration platforms, so too do attackers.
Sophisticated Attacks for the Changing Digital Landscape
Threat actors have had to refine their methods to keep up with the expanding attack surface. No longer confined to simple phishing emails, today’s attacks are characterized by their intricacy and precision. GenAI has enabled attackers to enhance the scale and sophistication of their attacks, posing formidable challenges for both defenders and targets alike.
Perception Point’s 2024 Annual Report examines these evolving threats and how they grew in 2023. For example, BEC attacks, which constituted a mere 1% of cyberattacks in 2022, surged to represent 18.6% of all attacks in 2023 due to the advent of accessible GenAI.
However, GenAI was not the only tool attackers reached for in 2023. There was also a considerable increase in phishing via malicious QR codes (“quishing”), comprising 2.7% of all phishing attacks. By using QR codes to disguise malicious phishing sites, attackers were able to bypass most traditional security measures. Moreover, attackers also managed to exploit the inherent trust users have in QR codes, with a concerning 6% of all QR codes sent via email found to be malicious.
Another trend the report focuses on is two-step phishing, which witnessed a 175% surge in 2023. These attacks leverage legitimate services and websites to elude detection, exploiting the credibility of well-known domains. By directing users to a legitimate website first and then redirecting them to a malicious site, attackers manage to bypass many security measures.
External account takeover (ATO) threats, particularly Vendor Email Compromise attacks, also experienced a staggering increase of 350% in 2023. These threats underscore a pivotal shift in the tactics employed by threat actors targeting the modern workspace.
Navigating Cybersecurity in 2024 & Beyond
In the face of evolving threats, organizations must prioritize the implementation of robust cybersecurity measures. By embracing innovative security solutions and maintaining vigilance, organizations can mitigate risks and safeguard their digital assets against malicious actors. Organizations can leverage the insights provided by Perception Point’s 2024 Annual Report to gain a deeper understanding of the threat landscape and tailor their defense strategies accordingly.
Download the full “2024 Annual Report: Cybersecurity Trends & Insights” now!