Nearly half (49%) of spam emails can be attributed to BEC scams, with the CEO, HR, and IT being the most common targets. Alarmingly, some 40% of BEC emails are AI-generated, and in some instances, AI more than likely created the entire message.
These were two of the findings of the VIPRE Q2 2024 Email Threat Trends Report, which processed 1.8 billion emails globally, detecting 226.45 million spam emails and 16.91 million malicious URLs to identify the email threat trends that impact organizations the most.
According to the company, the report shines the spotlight on the ingenuity of malicious actors in using AI to evade detection and scam people and businesses.
Leveraging Sophisticated Algorithms
Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, says: “As AI technology advances, the potential for BEC attacks grows exponentially. Malefactors are now leveraging sophisticated AI algorithms to craft compelling phishing emails, mimicking the tone and style of legitimate communications.
The next wave of BEC attacks could see attackers using AI to dynamically analyse and exploit real-time information, creating tailored and contextually accurate scams nearly indistinguishable from genuine correspondence, Choudhary added. “Enterprises must stay ahead by adopting robust AI-driven defenses and continuously educating their workforce on emerging threats.”
Twice the Malice
In Q2 2024, double the number of evasive malicious attachments were detected compared to the year before, highlighting the growing sophistication of modern email exploits. Businesses that lacked solutions to detect these advanced threats could find themselves in deep trouble, facing twice the risk this year.
The research also detected 16.91 million malicious URLs, a staggering almost three-quarters (74%) rise from last year. Again, this surge indicates that malefactors are adept at using advanced evasion techniques.
Emerging Trends
Phishing, as usual, emerged as a dominant threat, with bad actors favoring URL redirection and cloud-hosting services. Cloudflare Turnstile was the most commonly used technique in over half of phishing emails (51%). Cloudflare Turnstile is a free service designed to protect websites from malicious traffic and functions as an advanced CAPTCHA alternative.
A significant shift in malspam tactics was noted. A full 86% of malspam emails used malicious links, and only 14% contained attachments – a reverse of the Q1 2024 trend, where 78% of malspam emails contained malicious attachments, while only 22% used malicious links.
VIPRE speculated that this swing may be due to the increasing difficulty in detecting malicious links leading to seemingly legitimate websites that harbor infected links.
Sector-Specific Targeting
When it came to which sectors were in the cross hairs, malefactors increasingly targeted the manufacturing sector with a quarter (25%) of email attacks, followed by retail (which didn’t appear in 2023’s targets) at 20% and real estate at 11%. Cybercriminals appear to be focusing on industries they believe lack advanced cybersecurity measures.
In 2023, finance led the way with 25% of email attacks, and manufacturing surged to 43% in Q1 2024, a top position the sector continues to hold.
Regional Spam Sources
Looking at the culprits behind spam, the US remains the top contender when it comes to sending and receiving spam (receiving nearly half of all phishing emails), most likely due to its massive data center infrastructure.
Consistent with last quarter, the UK was the second-largest source of spam, followed by Canada, Sweden, and Iceland, three countries that failed to make the list either last quarter or this time last year.
To read the full report, click here: VIPRE’s Email Threat Trends Report: Q2 2024.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.