Links Overtake Attachments as Email Cyber Weapon of Choice

Share
The Global Threat Intelligence Report from Mimecast
The Global Threat intelligence Report from Mimecast shows links are being preferred to attachments for the first time as cyber attacks shift focus

For the first time, the average cyber attack is now more likely to come from a malicious link than a malicious attachment.

That’s according to the latest Global Threat Intelligence Report from Mimecast which highlights key cybersecurity trends spotted for Q4 2023 that CISOs need to address today.

That is especially the case for those cybersecurity professionals working in finance, hospitality, travel, HR, and recruitment – which remain the industries and sectors most targeted by criminals.

Mimecast produces its analysis based on the 1.7 billion emails it examines every day for more than 42,000 customers. This provides a unique snapshot and insights into real-world, real-time security – often providing an ‘early warning system’ for CISOs globally.

That headline finding of links overtaking attachments highlights a shift in tactics that also saw a rise in the use of QR codes to sidestep defences.

Following high-profile attacks earlier in 2023 on major casinos earlier in the year, bad actors continued to focus on travel, hospitality, and catering companies in Q4, elevating the sector to second spot on the most-attacked list behind banking. The sector third on the hit-list is human resources and recruitment, although attacks have declined.

Key findings from the Q3 report cover the sectors attacked, methodology, and the rise of generative AI.

Sectors 

The sectors that experienced the most attacks in the fourth quarter of 2023 were financial institutions; travel, hospitality, and catering; and human resources and recruitment services. Attacks were driven by ransomware, data theft, and business email compromise (BEC). 

Additionally, across all industries, users at small and medium-sized firms encountered more than twice the number of threats as those at large companies. 

Links vs. Attachments 

For the first time, the average user was more likely to receive a malicious link than an attachment in Q4. Previously, attackers relied more on known malware to deliver payloads. 

Geopolitics 

Geopolitical tensions have increased, with the conflict in Israel and Gaza proving to be the latest to drive politically motivated cyberattacks on critical infrastructure and rival governments.

Generative AI 

Attackers are using generative AI and machine-learning models to create more convincing phishing lures and translate attacks into other languages. Technical threat indicators, such as domain reputation, browser isolation, and malware analysis, will be increasingly necessary to block attacks. 

QR Codes 

Using QR codes to mask malicious links has continued to grow in popularity since a boom in the use of QR codes during the COVID-19 pandemic.

Youtube Placeholder

Ransomware payments fall as victims fight back

Attacks are on the rise, and becoming more sophisticated, but victims are fighting back. Payment rates for ransomware attacks have plummeted.

Back in 2019, payments were around 85% of the original ransom demand. Now those rates are around 35%.

Mimecast has identified three reasons that might be behind the changing economics of ransomware:

  1. Companies do not trust cybercriminals will be able to recover data
  2. Organisations have improved their security stance
  3. Paying ransoms to threat actors from certain nation-states is now illegal

There are signs that machine learning and generative AI are also changing the threat landscape. Phishing lures are becoming more convincing and easier to tailor to specific audiences thanks to generative AI.

Read the full Mimecast report.

**************

Make sure you check out the latest industry news and insights at Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

**************

Cyber Magazine is a BizClik brand 

**************

 

Share

Featured Articles

How Palo Alto Networks Open API Advances Quantum Security

Palo Alto Networks develops quantum random number generation techniques to protect against quantum-based threats and partners with six quantum tech firms

Splunk Reveals CISOs’ Rapid Rise to Corporate Power

Splunk research shows dramatic shift in cybersecurity chief influence as direct CEO reporting jumps from 47% in 2023, despite board expertise gaps

How Fortinet is Tackling Cyber Skills Gap with STEM Alliance

Fortinet’s training programme reaches nine million students as education sector faces mounting threats, with 82% of institutions reporting breaches

BT's Security Chief: Why AI Poses Such a Risk to Security

Cyber Security

How Supply Chain Cyber Threats Cost The Global Economy

Cyber Security

How Kroll and DORA Tackle Supply Chain Cybersecurity Risks

Operational Security