Business Email Compromise Attacks Surge Due to GenAI

By Greg Tavarez March 19, 2024

The fight against cybercrime is a constant struggle. (Not to sound like a broken record, but it's still true.) Those on the frontlines of this battle? Businesses, which are the lifeblood of the global economy,

A new report by Perception Point, a cybersecurity firm, sheds light on this critical issue. The report, titled "2024 Annual Report: Cybersecurity Trends & Insights," reveals a surge in social engineering-based business email compromise (BEC) attacks, fueled by the increasing power and accessibility of generative AI tools.

Perception Point's findings, based on data collected from their threat detection platform and analyzed by their Incident Response team, highlight a 1,760% year-on-year increase in BEC attacks throughout 2023. This statistic raises an alarm about the growing sophistication of cybercriminals who are exploiting GenAI to craft highly targeted and realistic social engineering campaigns.

In 2022, BEC attacks represented a mere 1% of all cyberattacks. However, with the aid of GenAI, these attacks skyrocketed to 18.6% of all attacks in 2023. GenAI empowers attackers to create convincing forgeries, such as emails that appear to originate from legitimate sources within a company or from trusted business partners. These emails often contain a sense of urgency or exploit existing trust relationships to pressure victims into clicking malicious links or divulging sensitive information.

The report delves deeper into the broader cybersecurity threats plaguing modern organizations, as well. While phishing remains the most prevalent cyber threat, accounting for over 70% of all attacks, new and concerning trends have emerged.

One such trend is "quishing," a novel phishing technique that leverages the widespread use of QR codes. In 2023, 2.7% of all phishing attempts involved quishing. Attackers exploit the inherent trust associated with QR codes, often used for accessing menus, downloading apps, or making payments. These malicious QR codes, embedded within emails, can lead victims to phishing websites designed to steal login credentials, financial information or other sensitive data. Perception Point's data reveals that one out of every 18 QR codes sent via email in 2023 was found to be malicious. This highlights the need for increased user awareness and caution when scanning QR codes, particularly those received through unsolicited emails.

Another concerning development is the rise of two-step phishing attacks, which have grown by 175% in the past year. These multi-stage attacks are particularly deceptive because they exploit legitimate services and websites. Attackers might use a free web hosting platform to create a seemingly legitimate login page that mimics the login page of a trusted cloud storage service. The victim, lured by a phishing email containing a link to the fake login page, unknowingly enters their credentials, which are then harvested by the attacker. This tactic allows attackers to piggyback on the reputation of trusted platforms, making it harder for security systems to detect the malicious intent behind the attack.

The report also identifies a significant increase in account takeover (ATO) attacks, where attackers compromise legitimate accounts outside an organization (often referred to as vendor email compromise) and then use those compromised accounts to launch targeted attacks within the victim organization. ATO attacks surged by 350% in 2023. Attackers might target vendors or suppliers with weak security measures, compromising their email accounts. Once compromised, these accounts are then used to send seemingly legitimate emails to employees within the target organization. These emails, often containing malicious attachments or links, can be particularly deceptive as they appear to come from a trusted source within the supply chain.

Furthermore, brand impersonation tactics are becoming increasingly sophisticated. In 2023, a staggering 55% of all brand impersonation attacks mimicked the targeted employee's own organization. This tactic allows attackers to exploit existing trust relationships within a company, making it easier to deceive victims. An attacker might impersonate a company executive and send an email to an employee in the finance department, requesting an urgent wire transfer. The email might contain the company logo and other seemingly legitimate details, making it difficult for the employee to distinguish the fraudulent email from a genuine communication.

"We are witnessing an unprecedented surge in social engineering threats and highly evasive attacks that demand innovative security solutions," said Yoram Salinger, CEO at Perception Point. "In parallel, the modern workspace continues to evolve with users relying more and more upon a suite of cloud-based email, collaboration and productivity tools which can be accessed on any browser, everywhere. At Perception Point, we are committed to leading the charge to protect the modern workspace."

As Salinger hinted in his remark about protecting the modern workspace, organizations need to adopt a multi-layered approach to cybersecurity. This includes ongoing employee education and awareness training programs to help employees identify and avoid social engineering scams. Training programs should focus on educating employees about the latest phishing tactics, such as quishing and two-step phishing, and equip them with the skills to scrutinize emails for suspicious elements, like grammatical errors, unusual sender addresses, and a sense of urgency or pressure.

Organizations should also invest in robust security solutions that can detect and block sophisticated phishing attempts. These solutions should employ advanced threat detection techniques, such as natural language processing (NLP)

Edited by Alex Passett