Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimize their content and streamline malicious campaigns, new research shows.
A new report from Acronis, based on data collected from more than one million unique endpoints in 15 countries, shows that AI-powered phishing affected more than 90% of organizations last year, and that AI reduced email attacks by 222 % increases between the second half of this year. 2023 and today.
“A disturbing trend is being recognized worldwide where bad actors continue to use ChatGPT and similar generative AI systems to increase the efficiency of cyber attacks, create malicious code and automate attacks,” said Candid Wüest, VP Product Management at Acronis. “Now more than ever, companies must prioritize comprehensive cyber protection solutions to ensure business continuity.”
Using Chat-GPT
Email attacks, most commonly phishing, remain the leading infection vectors, the report states, with organizations experiencing a notable 54% increase in attacks per company. Most attacks took place in Singapore, Spain and Brazil, and Acronis identified a third of emails (33.4%) as spam. Another 1.5% contained malware or phishing links, the report said.
Phishing is the top infection vector for a number of reasons: email is ubiquitous, easy to use, and cheap. It is also easy to automate. Finally, victims largely trust their email service providers to protect them from threats, often clicking links and downloading attachments without questioning their good nature.
In the pre-ChatGPT era, the easiest way to spot a phishing attack was to use common sense and read the email message. Hackers are rarely English majors (many do not live in English-speaking countries) and their messages were riddled with spelling and grammatical errors, as well as clumsy wording and various inconsistencies. However, since the introduction of generative AI tools, email messages have become significantly more persuasive.
“The Acronis Cyberthreats Report H2 2023 highlights the ongoing threats facing companies of all sizes worldwide,” said Michael Suby, Research VP, IDC. “Unfortunately, bad actors continue to take advantage of these activities and use AI-enabled techniques to create more convincing phishing schemes, guaranteeing that this problem will continue to plague businesses.”