In the ever-evolving realm of cybersecurity, the year 2023 witnessed a significant transformation, characterized by a 1760% surge in Business Email Compromise (BEC) attacks. This alarming data, as outlined in Perception Point’s ‘2024 Annual Report: Cybersecurity Trends & Insights’, sheds light on the escalating sophistication of cyber threats. The renowned Tel Aviv-based provider of advanced email and workspace security solutions underscores how Generative AI (GenAI) technologies have been harnessed by threat actors to orchestrate elaborate social engineering attacks that are increasingly challenging to detect.
The cyber landscape of the past year was profoundly influenced by the remarkable advancements in GenAI, which malicious entities leveraged to amplify the scale and intricacy of their attacks. In 2022, BEC attacks constituted a mere 1% of all cyber threats, yet by 2023, they surged to a staggering 18.6%.
While phishing continued to dominate the cyber threat landscape, constituting over 70% of all attacks, there was a new player on the scene – quishing. This emerging threat, exploiting QR codes, accounted for 2.7% of all phishing attempts in 2023. Attackers manipulated the trust placed in QR codes, turning a simple scan into a significant security vulnerability. Shockingly, 1 out of every 18 QR codes sent via email in 2023 was malicious.
Moreover, the prevalence of two-step phishing attacks witnessed a 175% uptick. These multi-stage assaults, camouflaged by their utilization of legitimate services and hosting sites, exploited the reputations of well-known domains, thereby eluding detection more effectively.
The ‘2024 Annual Report’ also highlights a 350% escalation in account takeover (ATO) threats, where legitimate accounts are compromised and subsequently used in highly targeted attacks. Brand impersonation attacks experienced a substantial surge, with 55% of all such attacks in 2023 mimicking the organization of the targeted employee.
Email remained the primary conduit for attacks, with 1 in 5 emails being either malicious or spam. Threat actors expanded their reach to target organizations through alternative avenues as well, with phishing attacks via web browsers witnessing a significant rise, and malware distribution in M365 Apps like OneDrive, SharePoint, and Teams accounting for 65% of attacks. Over 50% of attacks were directed at CRMs such as Zendesk and Salesforce.
Yoram Salinger, the CEO of Perception Point, accentuates the impact of GenAI’s proliferation on organizational security postures. He underscores the evolving nature of the modern workspace, increasingly reliant on cloud-based email, collaboration, and productivity tools accessible from any browser. Perception Point’s dedication to safeguarding this modern workspace is evident in their unified threat prevention solution, amalgamating multi-layered AI-powered detection with managed incident response services.
Perception Point, a pioneer in Prevention-as-a-Service, stands at the vanguard of next-generation prevention, detection, and response to attacks across email, cloud collaboration apps, and web browsers. Their cloud-native service, known for its ease of deployment and management, aims to supplant cumbersome legacy systems. It thwarts phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks, safeguarding Fortune 500 enterprises and organizations worldwide.
This comprehensive report by Perception Point furnishes invaluable insights into the evolving cyber threat landscape, emphasizing the necessity for innovative security solutions in an era where GenAI and advanced social engineering tactics are becoming prevalent. For a detailed exploration of the report, you can access it here.