In the first half of this year, there was a significant increase in the volume and sophistication of cyber attacks targeting businesses globally, according to a new report from Perception Point. The H1 2024 Cybersecurity Trends & Insights report reveals a 24% increase in malicious attacks per user in the first half of 2024 year over year, underscoring the escalating threat landscape. The report draws on data gathered from Perception Point’s AI-powered advanced threat prevention platform, and managed Incident Response service.
Some key findings from the report include:
- Business Email Compromise (BEC) Attacks Surge: BEC attacks saw a 42% increase in the first half of 2024 compared to the same period in 2023. These socially engineered attacks, often targeting high-level business stakeholders, now account for 21% of all email attacks, up from 15% in the first half of 2023.
- Vendor Email Compromise (VEC) on the Rise: VEC attacks, a subset of BEC targeting supply chain communications, rose by 66% in the first half of 2024. This trend highlights the growing threat to trusted business relationships, and the need to protect companies’ no matter their size, with attackers increasingly exploiting vendor communications to defraud businesses.
- Phishing Remains Dominant: Phishing continues to be the top threat across the modern workspace, representing 75% of all email-based attacks and 89% of browser-based threats in the first half of 2024.
- Malware Targeting Microsoft 365: Attacks targeting Microsoft 365 web applications, such as SharePoint, OneDrive, and Teams, were predominantly malware-based, accounting for 68% of all incidents in this channel.
Phishing Dominates Threat Landscape
The report also highlights the significant threat posed by browser-based attacks. In the first half of 2024, phishing dominated browser-based threats, accounting for 89% of all incidents, up from 82% in the first half of 2023. As browsers have become the most used enterprise app in the modern workspace, attackers increasingly target this vector to deploy phishing, malware, and advanced attacks. Perception Point’s Advanced Browser Security solution addresses these challenges by dynamically scanning at the browser-level, detecting and blocking malicious behaviors.
Additionally, cloud collaboration channels — including Microsoft 365, Salesforce, and Zendesk — have become increasingly attractive targets for cyber attackers. In the first half of 2024:
- Microsoft 365 channels faced a high volume of malware attacks, which made up 68% of all incidents;
- Phishing was the leading attack vector in Salesforce, representing 65% of all threats; and
- Zendesk saw a surge in phishing attacks, comprising 66% of all security incidents.
These findings underscore the critical need for robust security measures to protect cloud-based applications that are integral to modern business operations against file and URL based threats.
“Organizations of all sizes are facing an increasingly complex and sophisticated threat landscape with cybercriminals constantly sharpening their tools, particularly with the use of generative AI.”
— Yoram Salinger,
CEO, Perception Point
BEC and VEC attacks are gradually replacing traditional malware attacks as the preferred method of cybercriminals, according to the report. This trend underscores the growing usage of GenAI to scale and increase the sophistication of social engineering techniques, where attackers exploit human vulnerabilities. As a result, traditional security systems that primarily rely on threat intelligence and known signatures are increasingly inadequate in combating these sophisticated threats.
“Organizations of all sizes are facing an increasingly complex and sophisticated threat landscape with cybercriminals constantly sharpening their tools, particularly with the use of generative AI,” said Yoram Salinger, CEO of Perception Point. “The rise of social engineering attacks, the ongoing dominance of phishing, and the threat of ransomware underscores the urgent need for innovative security solutions to protect the modern workspace. At Perception Point, we are committed to protecting our customers’ email, browsers, and collaboration apps from the most advanced and evasive attacks while reducing their security operations overhead. This approach not only enhances organizations’ ability to prevent and remediate advanced cyber threats but also ensures they stay ahead of the curve as the digital landscape continues to evolve.”
Looking ahead to the second half of 2024, Perception Point predicts that phishing will remain the top threat vector, and BEC and VEC attacks will continue to replace traditional malware attacks as the preferred method of cybercriminals in email. Ransomware will still be highly dangerous, mainly when targeting collaboration apps, which have less protection.
You can download the full H1 2024 Cybersecurity Trends & Insights report here.
Click here for more cybersecurity and business resiliency news on Continuity Insights.