THE Cybersecurity Trends and Outlook Report for the First Half of 2024 Since Point of perception reveals a rapidly evolving cyber threat landscape, marked by an increase in both the sophistication and frequency of attacks. With a 24% increase in attacks per user compared to the first half of 2023, the report highlights the growing challenges organizations face in protecting their digital environments. We will take an in-depth look at the report’s key findings, providing a detailed analysis of the latest trends, statistics, and the critical need for enhanced cybersecurity measures.
The rise of business email compromises (BEC) and vendor email compromises (VEC)
Business Email Compromise BEC attacks have emerged as one of the most significant threats in the first half of 2024. BEC attacks, where cybercriminals impersonate high-level business figures to trick employees into transferring funds or revealing confidential information, increased 42% year over year. These attacks increased from 15% of all email attacks in the first half of 2023 to 21% in the first half of 2024. The increase in BEC incidents highlights the effectiveness of social engineering techniques, which exploit human behavior rather than technical vulnerabilities.
Vendor Email Compromise (VEC), a specific type of BEC attack targeting supplier and supply chain communications, has seen an even greater increase. VEC attacks increased 66% over the past year, accounting for 2% of all malicious email attacks in the first half of 2024. These attacks often involve account takeovers, where an attacker takes control of a supplier’s email account to send fraudulent payment instructions or request sensitive information from business partners. The trust-based nature of supplier relationships makes these attacks particularly dangerous because they can bypass standard security measures.
Phishing: the dominant threat across multiple channels
Phishing remains the most prevalent cybersecurity threat, particularly in email and web-based attacks. In the first half of 2024, phishing accounted for 75% of all malicious emails, maintaining its position as the top email threat. This figure is consistent with that of the first half of 2023, reflecting attackers’ continued preference for phishing as a reliable method to trick users into disclosing sensitive information.
Multi-stage phishingA tactic that uses redirection to evade detection, has become increasingly common. These sophisticated attacks increased by 175% in 2023 and continued to pose a significant threat in 2024. Multi-stage phishing often involves sending non-malicious links that then redirect to phishing pages, making these attacks harder to detect and block with traditional security measures.
Among web-based threats, phishing accounted for 89% of all browser-based attacks in the first half of 2024, up from 83% in the first half of 2023. These attacks typically involve fake websites or brand impersonations designed to steal users’ personal information. The browser remains a key vector for phishing due to its widespread use to access business tools and services.
Evolving Attack Strategies: The Decline of Malware and the Rise of Social Engineering
The report highlights a notable shift in attack strategies, with a decrease in traditional attacks. malware Email attacks and the rise of social engineering tactics such as BEC and VEC. Malware-related email threats have dropped to 4% of all email attacks in the first half of 2024, compared to 11% in the first half of 2023. This decline suggests that attackers are increasingly focusing on exploiting human vulnerabilities rather than deploying malware.
In the context of Microsoft 365 applications, malware accounted for 68% of attacks in the first half of 2024, up from 64% in the first half of 2023. Advanced attacks remained stable at 22%, while phishing attacks decreased to 10%, down from 14% the year before. This indicates that while malware remains a major concern in cloud environments, the focus is increasingly on targeted and sophisticated attacks that exploit specific vulnerabilities within collaboration platforms.
Cloud Collaboration Tools: A Growing Target for Cybercriminals
As businesses increasingly rely on cloud-based applications, these platforms have become prime targets for cyberattacks. Microsoft 365, Salesforce, and Zendesk all saw an increase in attacks in the first half of 2024. Malware was the most common threat to Microsoft 365 applications, accounting for 68% of all incidents, up from 64% in the first half of 2023. Advanced attacks remained at 22%, while phishing decreased to 10%.
Salesforce, a critical tool for managing customer relationships, saw phishing attacks increase to 65% of all incidents in the first half of 2024, up from 53% the year before. Malware accounted for 31% of attacks, down from 42% in the first half of 2023, while advanced attacks declined slightly to 4%. These trends highlight the evolving tactics of attackers who are focused on exploiting cloud collaboration tools that are often less hardened than traditional IT infrastructure.
Zendesk, a widely used customer support platform, also saw a significant increase in phishing attacks, which accounted for 66% of threats in the first half of 2024, compared to 40% in the first half of 2023. Malware attacks decreased from 43% to 26% in the previous year, while advanced attacks dropped from 17% to 7%. The report highlights the need for stronger security measures to protect these platforms, as they represent critical interaction points between organizations and their customers.
The role of advanced sensing technologies
Perception Point’s report also highlights the importance of advanced detection technologies to mitigate these evolving threats. The company’s AI-powered threat prevention platform, which includes tools such as Recursive Unpacker and the HAP™ (Hybrid Analysis Pipeline) plays a crucial role in identifying and neutralizing sophisticated email and web-based attacks. The Recursive Unpacker, for example, is able to dissect deeply embedded links and files to uncover hidden threats, while the HAP™ intercepts and neutralizes unknown threats at the exploitation stage, especially in zero-day scenarios.
For example, in one case, an attacker attempted to compromise a system by sending a quote request with a file that appeared legitimate. However, Perception Point’s technology was able to decrypt the file, revealing a hidden URL that led to a malicious Trojan. This level of in-depth analysis is critical to detecting and preventing the most sophisticated cyber threats before they can cause damage.
Future outlook: forecast for the second half of 2024
As we enter the second half of 2024, phishing is expected to remain the most significant threat, likely accounting for approximately three-quarters of all cyberattacks. This continued prevalence underscores the need for robust phishing detection and prevention mechanisms. The report predicts that BEC and VEC attacks will continue to increase, gradually replacing traditional malware as the primary method used by cybercriminals to penetrate organizations. These attacks, which exploit human behavior, are expected to pose a growing challenge to businesses worldwide.
Although advanced attacks represent only a small percentage of all incidents, their potential for significant damage makes them extremely dangerous. These sophisticated attacks often target high-value assets and critical infrastructure, requiring organizations to adopt advanced detection and response strategies to protect against these threats.
Conclusion
THE Cybersecurity Trends and Outlook for the First Half of 2024 The report provides a comprehensive overview of today’s cyber threat landscape, revealing a significant increase in the frequency and sophistication of attacks. With the rise of social engineering tactics such as BEC and VEC, and the continued dominance of phishing, organizations must adapt their cybersecurity strategies to meet these evolving challenges. As cloud-based tools and collaboration platforms become increasingly critical to business operations, the need for robust, multi-layered security solutions is more critical than ever. The insights from this report underscore the urgency of improving defenses to protect against the diverse and increasingly complex threats facing today’s digital environments.