Barracuda Networks report shows rise in email cyber threats

Barracuda Networks recently released its report, "Email Threats and Trends, Vol. 1," which reveals significant insights into the shifting landscape of email-based cyber threats, especially in the context of advancing artificial intelligence (AI). The report underscores the growing sophistication and frequency of these attacks over the past year.

Business email compromise (BEC) attacks have been a notable highlight of the findings, constituting more than one in ten of all social engineering attacks recorded in 2023. The numbers show a steady rise, with BEC attacks accounting for 8% in 2022 and 9% in 2021. The increase to 10.6% in 2023 marks a significant escalation in this type of threat.

Conversation hijacking, another critical form of social engineering, witnessed a substantial surge of 70% since 2022. Although this method remains resource-intensive for attackers, the potential rewards continue to drive its usage. As a result, conversation hijacking made up 0.5% of the social engineering attacks in the past year, compared to 0.3% in the previous year.

The report also draws attention to the rise of QR code attacks, which targeted approximately 1 in 20 mailboxes in the last quarter of 2023. These attacks are particularly challenging to detect through traditional email filtering methods, often compelling victims to access links via personal devices that lack corporate security protections.

In 2023, Gmail emerged as the most frequently used free webmail service in social engineering attacks, accounting for 22% of the domains used. Over half of these detected Gmail attacks were related to BEC. The data indicates the growing preference among cybercriminals for leveraging widely used platforms to facilitate their attacks.

Additionally, URL shorteners like bit.ly were involved in nearly 40% of social engineering attacks that incorporated a shortened URL. This tactic is employed to obscure the actual destination and nature of the link, thus making it difficult for recipients to recognise malicious intent.

Sheila Hara, Senior Director of Product Management at Barracuda, commented on the evolving threat landscape: "IT and security professionals need to stay focused on the evolution of email threats and what this means for security measures and incident response. This involves understanding how attackers can leverage generative AI to advance and scale their activities, and the latest tactics they’re using to make it past security controls."

Hara emphasised the importance of implementing advanced security technologies: "The best defence is AI-powered cloud email security technology that can adapt quickly to a changing landscape and doesn’t solely rely on looking for malicious links or attachments."

Barracuda's research analysed a substantial sample of 69 million attacks across 4.5 million mailboxes over a one-year period. The comprehensive analysis provided a detailed view of the methods and techniques employed by cybercriminals, highlighting the need for continuous vigilance and adaptive security measures.

The report provides valuable insights for IT and security professionals aiming to enhance their defences against the sophisticated email threats that continue to evolve with the aid of AI. The findings suggest a trend towards increasingly targeted and effective attack strategies, underscoring the necessity for organisations to adopt proactive and adaptive security solutions.