Email threats are becoming more dangerous than ever, so keep an eye on your inbox
The number of cyberattacks spread via email continues to increase, and with generative artificial intelligence (AI) they have become even more dangerous, a new report from Barracuda Networks claims.
After analyzing 69 million attacks on 4.5 million mailboxes over the past twelve months, Barracuda said business email compromise (BEC), conversation hijacking and QR code attacks were all on the rise.
In fact, BEC attacks now make up one-tenth (10.6%) of all email-based social engineering attacks, up from 8% in 2022 and up from 9% in 2021. At the same time, conversation hijacking 0.5% of attacks. all social engineering attacks last year, which is an increase of about 70% compared to 2022’s 0.3%.
Gmail and bit.ly
The overall share of this method is relatively small because it requires a lot of effort to execute, but the payoff can still be significant, Barracuda warns.
When hijacking conversations, a threat actor will compromise someone’s email account and look for conversations with potential targets. They will then “hijack” the conversation and reply to the last email, continuing the chain of communication. This way, the victim has no reason not to trust the content of the email, making spreading malware and stealing sensitive data much easier.
Finally, about 1 in 20 mailboxes were targeted by QR code attacks, which are relatively successful because they usually bypass traditional email filtering solutions. Furthermore, they make victims use a personal device to scan the QR code, which is usually not protected by corporate security software.
The attackers will mostly target Gmail users, Barracuda added, as Gmail accounted for 22% of domains used for social engineering. Furthermore, bit.ly is the top URL shortening tool, used in nearly 40% of social engineering attacks.
“IT and security professionals must continue to focus on the evolution of email threats and what this means for security measures and incident response,” said Sheila Hara, Sr. Director of Product Management at Barracuda.
“This includes understanding how attackers can use generative AI to advance and scale their operations, and the latest tactics they are using to bypass security controls. The best defense is AI-powered cloud email security technology that can quickly adapt to a changing landscape and doesn’t rely solely on looking for malicious links or attachments.”