Perception Point has uncovered a staggering 1,760% year-on-year increase in social engineering-based Business Email Compromise (BEC) attacks throughout 2023. The company's "2024 Annual Report: Cybersecurity Trends & Insights" highlights the growing sophistication of these attacks, with threat actors leveraging increasingly accessible Generative AI (GenAI) tools to craft highly intricate and convincing social engineering schemes.
The report attributes this alarming rise in BEC attacks to the advancements in GenAI technology, which have enabled cybercriminals to enhance and scale their operations. BEC attacks, which represented a mere 1% of all cyberattacks in 2022, accounted for 18.6% of the total in 2023. This shift underscores the evolving landscape of cyber threats and the urgent need for organizations to adapt their security measures.
Perception Point's analysis also sheds light on a significant shift towards evasive tactics, such as quishing (QR code phishing) and two-step phishing. These methods bypass traditional security systems, posing a growing threat to organizations. The report reveals that 2.7% of all phishing attempts in 2023 were quishing attacks, with one out of every 18 QR codes sent via email being malicious.
Two-step phishing attacks, characterized by their multi-stage nature, saw a 175% increase over the year. These attacks exploit legitimate services and hosting sites to evade detection, making them particularly challenging to identify and counter.
Furthermore, the report highlights a 350% increase in account takeover (ATO) based threats, where a legitimate account outside the organization is compromised and used in highly targeted attacks. Brand impersonation attacks also saw a significant rise, with 55% of all such attacks in 2023 impersonating the organization that an employee works for.
Email remains the top attack vector, with one in five emails categorized as either malicious or spam. However, threat actors are also targeting organizations through their expanding user workspace, with phishing attacks via web browsers and malware distribution in M365 Apps like OneDrive, SharePoint, and Teams on the rise.
Yoram Salinger, CEO at Perception Point, emphasized the urgent need for innovative security solutions in the face of these evolving threats. "Organizations of all sizes are entering a new frontier with the proliferation of GenAI and its implications on their security posture," said Salinger. "We are witnessing an unprecedented surge in social engineering threats and highly evasive attacks that demand innovative security solutions. At Perception Point, we are committed to leading the charge to protect the modern workspace, with the leading consolidated threat prevention solution leveraging multi-layered AI-powered detection, uniquely combined with a managed incident response service."
As the modern workspace continues to evolve, with users relying more on cloud-based email, collaboration, and productivity tools accessible from any browser, the need for comprehensive and advanced security measures has never been more critical.