1 in 100 emails is malicious

BEC and phishing attacks soar by 20% and 41% respectively in H1 2023, according to Perception Point.

Cyber attackers have continued to refine their methods, adopting more sophisticated techniques to exploit vulnerabilities across various sectors. With the ever-increasing reliance on workplace technologies, including web-based tools and SaaS applications, organizations face an unparalleled need to strengthen their cybersecurity measures.

GenAI tools fuel sophisticated cyberattack

Additionally, the report observed a 75% increase in attacks targeting cloud collaboration apps and storage, including Microsoft 365 apps, Salesforce, Slack, AWS S3 Buckets and others.

As a result of growing access to easy-to-use generative AI tools such as OpenAI’s ChatGPT, malicious actors can now attempt more sophisticated attacks with alarming simplicity and regularity. Cybercriminals are also leveraging the power of unethical GenAI alternatives like WormGPT to create increasingly sophisticated and deceptive malicious content.

GenAI tools are fueling this year’s rise in both BEC and phishing attacks, whose prevalence had already increased in 2022 according to previous Perception Point research.

In examining cyberattacks by type, channel, and industry, the report gives a holistic overview into the changing threat landscape. The total number of cyberattacks rose by 36% in H1 2023.

Phishing remains the most widespread threat in H1 2023

Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. Phishing remains the most widespread threat type across all channels, accounting for 70% of all attacks. Malware accounted for 20% of attacks, and BEC constituted 8%.

“The continued rise in cyberattacks of all forms, particularly phishing and BEC powered by generative AI, emphasizes the need for innovative approaches to enhance organizations’ defense mechanisms,” said Yoram Salinger, CEO of Perception Point.

“We expect cybercriminals to continue sharpening their tools in order to target a wider range of communication and collaboration channels, which is likely to fuel an unprecedented surge in attacks in 2023. Organizations should adopt proactive security measures and embrace emerging technologies and holistic, managed services to strengthen their ability to prevent and remediate such pernicious cyber threats,” added Salinger.

Attack patterns varied across industries, with phishing responsible for 94% of all attacks targeting the Oil & Gas sector, 24% of attacks on Industrial companies was malware related, while the technology sector was more likely than others to experience BECs and advanced attacks.