In the dynamic world of cybersecurity, 2023 marked a significant shift, underscored by a 1760% increase in Business Email Compromise (BEC) attacks. This startling revelation, detailed in Perception Point’s ‘2024 Annual Report: Cybersecurity Trends & Insights‘, points to the growing sophistication of cyber threats. The Tel Aviv-based leader in advanced email and workspace security solutions highlights how Generative AI (GenAI) technologies have become a tool for threat actors, enabling them to craft intricate social engineering attacks that are increasingly difficult to detect.
The past year’s cyber landscape was shaped by the remarkable advances in GenAI, which malicious actors used to enhance the scale and complexity of their attacks. In 2022, BEC attacks constituted a mere 1% of all cyberattacks, but by 2023, they accounted for a staggering 18.6%.
Phishing continued to be the dominant cyber threat, accounting for over 70% of all attacks, with little change from the previous year. However, quishing—a new form of threat exploiting QR codes—emerged, accounting for 2.7% of all phishing attempts. The trust placed in QR codes has been manipulated by attackers, turning a simple scan into a significant security risk. In 2023, 1 out of every 18 QR codes sent via email was malicious.
Additionally, the prevalence of two-step phishing attacks saw a 175% increase. These multi-stage attacks, harder to detect due to their use of legitimate services and hosting sites, exploit the reputations of well-known domains, evading detection more easily.
The report also highlights a 350% rise in account takeover (ATO) threats, where legitimate accounts are compromised and then used in highly targeted attacks. Brand impersonation attacks also saw a significant increase, with 55% of all such attacks in 2023 mimicking the targeted employee’s organization.
Email remained the primary attack vector, with 1 in 5 emails being malicious or spam. Threat actors expanded their horizons to target organizations through other means as well, with phishing attacks via web browsers increasing significantly and malware distribution in M365 Apps like OneDrive, SharePoint, and Teams accounting for 65% of attacks. Over 50% of attacks targeted CRMs like Zendesk and Salesforce.
Yoram Salinger, CEO of Perception Point, emphasizes the impact of GenAI’s proliferation on organizational security postures. He highlights the evolving nature of the modern workspace, increasingly reliant on cloud-based email, collaboration, and productivity tools accessible from any browser. Perception Point’s commitment to protecting this modern workspace is evident in their consolidated threat prevention solution, which combines multi-layered AI-powered detection with managed incident response services.
Perception Point, a Prevention-as-a-Service company, stands at the forefront of next-generation prevention, detection, and response to attacks across email, cloud collaboration apps, and web browsers. Their cloud-native service, easy to deploy and manage, is designed to replace cumbersome legacy systems. It prevents phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks, protecting Fortune 500 enterprises and organizations globally.
This comprehensive report by Perception Point offers invaluable insights into the evolving cyber threat landscape, underscoring the need for innovative security solutions in an era where GenAI and advanced social engineering tactics are becoming the norm. You can view the full report here.
This article first appeared in Unite.ai, written by Antoine Tardif on February 29, 2024.