In the past year, cyberattacks on business email accounts have seen a significant increase, now representing 10.6% of all social engineering attacks. This is according to the report ‘Email Threats and Trends, Vol. 1’ from Barracuda Networks, which also highlights an alarming 70% increase in conversation hijacking since 2022.
The report points out that cybercriminals are adapting their techniques and using generative artificial intelligence to expand their attacks, evade traditional security measures, and deceive their victims more effectively.
“IT and security professionals must be vigilant about the evolution of email threats and understand what this means for security measures and incident response,” said Sheila Hara, senior director of product management at Barracuda. “This includes understanding how attackers can leverage generative AI to advance and scale their activities, and the latest tactics they are using to bypass security controls.”
Key Data from the Report
The Barracuda Networks report presents several noteworthy figures:
– Increase in BEC Attacks: Business Email Compromise (BEC) attacks accounted for over 10% of all social engineering attacks in 2023, up from 8% in 2022 and 9% in 2021.
– Rise in Conversation Hijacking: Conversation hijacking accounted for 0.5% of social engineering attacks in 2023, a nearly 70% increase from 0.3% in 2022. While these attacks are complex to execute, the rewards can be significant.
– QR Code Attacks: Approximately 1 in 20 mailboxes were attacked with QR codes in the last quarter of 2023. These attacks are difficult to detect with traditional email filters and often redirect victims to unprotected personal devices.
– Use of Gmail: Gmail was the most used email service for social engineering, accounting for 22% of domains used in these attacks in 2023. More than half of Gmail attacks were BEC-related.
– Shortened URLs: The URL shortening platform bit.ly was used in almost 40% of social engineering attacks with shortened URLs. Shortening hides the true link and makes its real destination difficult to detect.
Evolving Threats
Barracuda researchers have been tracking five distinct categories of social engineering attacks, analyzing 69 million attacks on 4.5 million mailboxes over 12 months for this report. Their findings show which types of attacks are on the rise and which are causing the most damage.
In conclusion, the Barracuda Networks report underscores the importance of constant monitoring and continuous updating of security measures to confront the growing sophistication of cyberattacks targeting business emails.