Barracuda: One in 10 Email-based Attacks are BEC

Barracuda Networks, a trusted partner and provider of cloud-first security solutions, has published its Email Threats and Trends, Vol. 1 report. The report notes that business email compromise attacks accounted for 10.6 percent of email-based social engineering attacks over the past 12 months. At the same time, conversation hijacking has risen by 70 percent since 2022, despite being a resource-intensive approach for attackers.

Barracuda researchers analyzed 69 million attacks across 4.5 million mailboxes over a one-year period. The results reveal how cybercriminals are adapting their tactics and taking advantage of the ways GenAI can help them scale their attacks, bypass traditional security measures and target and trick potential victims.

Particular findings include:

  • Business email compromise (BEC) attacks made up more than one in 10 of all social engineering attacks (2023), compared to eight percent (2022) and nine percent (2021).
  • Conversation hijacking made up 0.5 percent of social engineering attacks in the past year, an increase of almost 70 percent when compared to 0.3 percent (2022).
  • Conversation hijacking attacks require effort to execute, but offer more significant payouts.
  • Approximately one in 20 mailboxes were targeted with QR code attacks in the last quarter of 2023.
  • Gmail was the most popular free webmail service used for social engineering. In 2023, Gmail accounted for 22 percent of the domains used for social engineering attacks, with just over half the detected Gmail attacks used for BEC attacks.
  • bit.ly was used in nearly 40 percent of social engineering attacks that include a shortened URL.

“IT and security professionals need to stay focused on the evolution of email threats and what this means for security measures and incident response,” said Sheila Hara, the senior director of product management with Barracuda. “This involves understanding how attackers can leverage generative AI to advance and scale their activities, and the latest tactics they’re using to make it past security controls. The best defense is AI-powered cloud email security technology that can adapt quickly to a changing landscape and doesn’t solely rely on looking for malicious links or attachments.”
