Perception Point today released its H1 2024 Cybersecurity Trends & Insights report, revealing a significant increase in the volume and sophistication of cyber attacks targeting businesses globally. The report, which draws on data gathered from Perception Point's multi-layered, AI-powered advanced threat prevention platform and managed Incident Response service, highlights a 24% increase in malicious attacks per user in the first half of 2024 year over year, underscoring the escalating threat landscape.
Key findings from the report include:
- Business Email Compromise (BEC) Attacks Surge: BEC attacks saw a 42% increase in H1 2024 compared to the same period in 2023. These socially engineered attacks, often targeting high-level business stakeholders, now account for 21% of all email attacks, up from 15% in H1 2023.
- Vendor Email Compromise (VEC) on the Rise: VEC attacks, a subset of BEC targeting supply chain communications, rose by 66% in H1 2024. This trend highlights the growing threat to trusted business relationships, and the need to protect companies' no matter their size, with attackers increasingly exploiting vendor communications to defraud businesses.
- Phishing Remains Dominant: Phishing continues to be the top threat across the modern workspace, representing 75% of all email-based attacks and 89% of browser-based threats in H1 2024.
- Malware Targeting Microsoft 365: Attacks targeting Microsoft 365 web applications, such as SharePoint, OneDrive, and Teams, were predominantly malware-based, accounting for 68% of all incidents in this channel.
The report also highlights the significant threat posed by browser-based attacks. In H1 2024, phishing dominated browser-based threats, accounting for 89% of all incidents, up from 82% in H1 2023. As browsers have become the most used enterprise app in the modern workspace, attackers increasingly target this vector to deploy phishing, malware, and advanced attacks.
Additionally, cloud collaboration channels, including Microsoft 365, Salesforce, and Zendesk, have become increasingly attractive targets for cyber attackers. In H1 2024, Microsoft 365 channels faced a high volume of malware attacks, which made up 68% of all incidents. Phishing was the leading attack vector in Salesforce, representing 65% of all threats, while Zendesk saw a surge in phishing attacks, comprising 66% of all security incidents. These findings underscore the critical need for robust security measures to protect cloud-based applications that are integral to modern business operations against file and URL based threats.
The report reveals an ongoing shift in the threat landscape, with BEC and VEC attacks gradually replacing traditional malware attacks as the preferred method of cybercriminals. This trend underscores the growing usage of GenAI to scale and increase the sophistication of social engineering techniques, where attackers exploit human vulnerabilities. As a result, traditional security systems that primarily rely on threat intelligence and known signatures are increasingly inadequate in combating these sophisticated threats.
"Organizations of all sizes are facing an increasingly complex and sophisticated threat landscape with cybercriminals constantly sharpening their tools, particularly with the use of generative AI," said Yoram Salinger, CEO of Perception Point. "The rise of social engineering attacks, the ongoing dominance of phishing, and the threat of ransomware underscores the urgent need for innovative security solutions to protect the modern workspace. At Perception Point, we are committed to protecting our customers' email, browsers, and collaboration apps from the most advanced and evasive attacks while reducing their security operations overhead. This approach not only enhances organizations' ability to prevent and remediate advanced cyber threats but also ensures they stay ahead of the curve as the digital landscape continues to evolve."
Looking ahead to the second half of 2024, Perception Point predicts that phishing will remain the top threat vector, and BEC and VEC attacks will continue to replace traditional malware attacks as the preferred method of cybercriminals in email. Ransomware will still be highly dangerous, mainly when targeting collaboration apps, which have less protection.
For more details, download the full H1 2024 Cybersecurity Trends & Insights report here.
