High Stakes: Business Email Compromise

Uploaded on 2024-09-04 in NEWS-Cybersecurity News, FREE TO VIEW

VIPRE's Q2 2024 Email Threat Trends Report which highlights the ingenuity of cyber criminals in using AI to evade detection and maliciously scam individuals and enterprises. VIPRE processed 1.8 billion emails globally, detecting 226.45 million spam emails and 16.91 million malicious URLs to identify the email threat trends that impact enterprises the most.

BEC remains a major scourge. Nearly half (49%) of all detected spam emails are attributed to BEC scams, with the CEO, followed by HR and IT, being the most common targets.

A more sinister development is that VIPRE found that 40% of the BEC emails were AI-generated. In some cases,  AI created the entire message.

The key findings include: 

  • Double the Malicious Attachments: Q2 2024 saw twice as many evasive malicious attachments compared to the previous year, underlining the sophistication of modern email exploits. Organisattions without measures to detect these advanced threats could find themselves in hot water, facing double the risk compared to Q2 last year.
  • 74% Increase in Malicious Links: The research identified 16.91 million malicious URLs, a 74% rise from the previous year. This surge highlights the growing use of advanced evasion techniques by attackers. 
  • Emerging trends in Phishing and Malspam: Phishing remains a dominant threat with attackers favouring URL redirection and cloud-hosting services. Cloudflare Turnstile was the most commonly used technique (51%) in phishing emails. 

Cloudflare Turnstile is a free service designed to protect websites from malicious traffic and functions as an advanced CAPTCHA alternative. 

A significant shift in malspam tactics was observed. 86% of malspam emails used malicious links and only 14% contained attachments, a reverse of the Q1 2024 trend, where 78% of malspam emails contained malicious attachments, while only 22% used malicious links. 

This swing may be due to the increasing difficulty in detecting malicious links leading to seemingly legitimate websites that contain infected links. 

Sector-Specific Targeting: Threat actors increasingly targeted the manufacturing sector with 25% of email attacks, followed by retail (which was absent from 2023’s targets) at 20% and real estate at 11%. 
Attackers appear to be focusing on industries perceived as lacking advanced cybersecurity measures. In 2023, finance led the way with 25% of email attacks, and manufacturing surged to 43% in Q1 2024, a top position the sector continues to hold.

Regional Spam Sources: The US continues to be the top contender when it comes to sending and receiving spam (receiving nearly half of all phishing emails), most likely thanks to its vast data centre infrastructure. Consistent with last quarter, the UK was the second-largest source of spam, followed by Canada, Sweden, and Iceland; three countries that failed to make the list either last quarter or this time last year. 

“As AI technology advances, the potential for BEC attacks grows exponentially. Malefactors are now leveraging sophisticated AI algorithms to craft compelling phishing emails, mimicking the tone and style of legitimate communications,” commented Usman Choudhary, Chief Product & Technology Officer at VIPRE.

“The next wave of BEC attacks could see attackers using AI to dynamically analyse and exploit real-time information, creating tailored and contextually accurate scams nearly indistinguishable from genuine correspondence...

“Enterprises must stay ahead by adopting robust AI-driven defences and continuously educating their workforce on emerging threats.” Choudhury concludes.

Image: Gustavo Fring

You Might Also Read: 

Defending Against Business Email Compromise:

DIRECTORY OF SUPPLIERS - Email Security:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Bolster Security Using Dark Web Intelligence
Global AI Safety: Scientists Can Move The Needle »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

UM6P Ventures

UM6P Ventures

UM6P Ventures is an African based early-stage ventures firm operating two funds; a Digital Transformation fund and a Deeptech Ventures fund.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.