A report by Acronis found email attack instances were 293% greater in the first half of 2024 when compared to the first half of 2023. This report, which emphasizes emerging cybersecurity trends, noted current trends in ransomware, phishing, email attacks and more. Some key findings from the report include:
- Ransomware detection volume increased by 32% from Q4 2023 to Q1 2024.
- Email communications per organization increased by 25%, coinciding with a 47% increase in email attacks that targeted organizations.
- 26% of targets encountered phishing attempts via malicious URLs.
- Social engineering schemes rose by 5% since the first half of 2023.
- Malware attacks decreased from 11% to 4% since the first half of 2023.
Security leaders weigh in
Stephen Kowski, Field CTO at SlashNext Email Security+:
“Organizations should implement advanced email security with AI-powered threat detection, enable multi-factor authentication and conduct regular security awareness training for employees. Leveraging real-time phishing protection that analyzes URLs and attachments can also significantly reduce email-based threats.
“SMBs must prioritize regular software updates, implement robust backup solutions and deploy next-generation endpoint protection with behavioral analysis capabilities. Utilizing a comprehensive security platform that offers ransomware-specific defenses and provides real-time threat intelligence can greatly enhance an SMB’s resilience against attacks.
“Generative AI and LLMs are enabling attackers to create more convincing phishing emails, deepfakes and automated attack scripts at scale. These technologies allow cybercriminals to personalize social engineering attempts and rapidly adapt their tactics, making traditional defenses less effective. What used to be zero-day are now zero-hour at least. Human defenders alone won’t be able to keep up.
“To counter AI-generated attacks, organizations should deploy security solutions that leverage generative AI and use machine learning to detect anomalies in email content, sender behavior and communication patterns. Implementing advanced anti-phishing technology that can identify and block sophisticated impersonation attempts in real-time is crucial for defending against these evolving threats.”
Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace:
“Despite increased focus on email security and employee training, organizations and their employees continue to get phished. Many tools used by organizations today rely on historical attack data to identify and stop known email threats from reentering inboxes. However, this approach often falls flat against new or unknown threats. With the increasing use of generative AI by threat actors, our dependence on traditional threat intelligence or rules and signature-based defense systems will lessen as threat actors now can quickly adopt and change signatures, hashes and indicators of compromise to evade defenses.
“As the sophistication of phishing attacks continues to grow, organizations cannot rely on employees to be the last line of defense against these attacks. Instead, organizations must use tools that can understand how their employees interact with their inboxes and build a profile of what activity is normal for users — their relationships, tone and sentiment, content, when and how they follow or share links. Only then can they accurately recognize suspicious activity that may indicate an attack or business email compromise.”
Mr. Mika Aalto, Co-Founder and CEO at Hoxhunt:
“To better protect their email communications, organizations need to start with the basics — multi-factor authentication and end-to-end encryption for sensitive information sharing — and from there build a vibrant security culture upon a human risk management platform. Whereas a traditional security awareness training tool is geared for compliance, a human risk management platform is based on measurable behavior change and risk reduction, starting with threat reporting. Reporting an attack alerts the SOC to the danger and an AI-powered human risk management platform automatically categorizes the report and accelerates incident response. To transform your people from your greatest risk to your greatest resource, you need dynamic phishing training that automatically adapts to the latest threats and adjusts to the user’s individual needs as they change over time.
“Language and technical barriers to social engineering are being lowered by the day with AI. The believability and sophistication of social engineering campaigns are improving by the month. Deepfake technology allows AI to create audio and video content that impersonates trusted individuals, making social engineering attacks even more effective. AI also automates the process of crafting and sending phishing emails, enabling attackers to target a larger number of victims with minimal effort. Additionally, AI can analyze publicly available data to personalize phishing emails, increasing the likelihood of success.
“The shift from malware attacks to social engineering attacks indicates that cybercriminals are increasingly focusing on exploiting human vulnerabilities rather than technical ones. This trend underscores the importance of investing in human-centric security measures, such as personalized training and awareness programs, to reduce the risk of social engineering attacks. Developing adaptive security strategies that can respond to the evolving tactics of cybercriminals is also crucial. Implementing continuous monitoring and threat detection helps quickly identify and respond to social engineering attempts. Empowering employees to act as the first line of defense by reporting suspicious activities and participating in security initiatives is vital.”
https://www.securitymagazine.com/articles/100922-email-attacks-rose-by-293-compared-to-the-first-half-of-2023