Links Overtake Attachments as Email Cyber Weapon of Choice
For the first time, the average cyber attack is now more likely to come from a malicious link than a malicious attachment.
That’s according to the latest Global Threat Intelligence Report from Mimecast which highlights key cybersecurity trends spotted for Q4 2023 that CISOs need to address today.
That is especially the case for those cybersecurity professionals working in finance, hospitality, travel, HR, and recruitment – which remain the industries and sectors most targeted by criminals.
Mimecast produces its analysis based on the 1.7 billion emails it examines every day for more than 42,000 customers. This provides a unique snapshot and insights into real-world, real-time security – often providing an ‘early warning system’ for CISOs globally.
That headline finding of links overtaking attachments highlights a shift in tactics that also saw a rise in the use of QR codes to sidestep defences.
Following high-profile attacks earlier in 2023 on major casinos earlier in the year, bad actors continued to focus on travel, hospitality, and catering companies in Q4, elevating the sector to second spot on the most-attacked list behind banking. The sector third on the hit-list is human resources and recruitment, although attacks have declined.
Key findings from the Q3 report cover the sectors attacked, methodology, and the rise of generative AI.
Sectors
The sectors that experienced the most attacks in the fourth quarter of 2023 were financial institutions; travel, hospitality, and catering; and human resources and recruitment services. Attacks were driven by ransomware, data theft, and business email compromise (BEC).
Additionally, across all industries, users at small and medium-sized firms encountered more than twice the number of threats as those at large companies.
Links vs. Attachments
For the first time, the average user was more likely to receive a malicious link than an attachment in Q4. Previously, attackers relied more on known malware to deliver payloads.
Geopolitics
Geopolitical tensions have increased, with the conflict in Israel and Gaza proving to be the latest to drive politically motivated cyberattacks on critical infrastructure and rival governments.
Generative AI
Attackers are using generative AI and machine-learning models to create more convincing phishing lures and translate attacks into other languages. Technical threat indicators, such as domain reputation, browser isolation, and malware analysis, will be increasingly necessary to block attacks.
QR Codes
Using QR codes to mask malicious links has continued to grow in popularity since a boom in the use of QR codes during the COVID-19 pandemic.
Ransomware payments fall as victims fight back
Attacks are on the rise, and becoming more sophisticated, but victims are fighting back. Payment rates for ransomware attacks have plummeted.
Back in 2019, payments were around 85% of the original ransom demand. Now those rates are around 35%.
Mimecast has identified three reasons that might be behind the changing economics of ransomware:
- Companies do not trust cybercriminals will be able to recover data
- Organisations have improved their security stance
- Paying ransoms to threat actors from certain nation-states is now illegal
There are signs that machine learning and generative AI are also changing the threat landscape. Phishing lures are becoming more convincing and easier to tailor to specific audiences thanks to generative AI.
Read the full Mimecast report.
**************
Make sure you check out the latest industry news and insights at Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
**************
Cyber Magazine is a BizClik brand
**************
