A report by cybersecurity platform Perception Point has revealed a 1,760% surge in Business Email Compromise (BEC) attacks in 2023, fueled by advances in generative AI.
According to the report, through generative AI, cybercriminals craft creative emails that impersonate companies and business executives, fooling their victims into handing over their data and money.
The report indicated that BEC attacks accounted for only 1% of cyberattacks in 2022. However, this number rose drastically to 18.6% last year.
BEC is a type of cybercrime in which the scammer uses email to trick someone into sending money or divulging confidential company information, which can then be used to defraud the company.
Cybercriminals and AI
Highlighting the findings in its Annual Report, Perception Point said AI has become a very powerful tool in the hands of cybercriminals.
- “This past year has been defined by unprecedented advancements in technology, particularly the widespread usability of generative AI (GenAI).
- “As this powerful tool becomes increasingly accessible, cybercriminals have capitalized on its capabilities to orchestrate more intricate and deceptive attacks.
- “Notably, Business Email Compromise (BEC) attacks enhanced by GenAI have surged by a staggering 1,760% since 2022, showcasing the disruptive potential of GenAI in the hands of malicious actors,” it said in the report.
The cybersecurity firm added that organizations have also expanded their workspace technologies, integrating additional web-based productivity tools and SaaS applications, making the browser the most used enterprise application.
It, however, noted that this expansion has not gone unnoticed by cyber attackers, who have adopted increasingly sophisticated evasion techniques to exploit vulnerabilities in these digital ecosystems.
- “Not only has the urgency for advanced email security solutions become clearer with one in every five emails found to be illegitimate and phishing attacks comprising over 70% of all threats, but the need for securing the browser and addressing data loss and browser governance is also taking precedence,” it added.
Other attacker tools
Perception Point pointed out, however, that GenAI was not the only tool attackers reached for in 2023. According to the company, there was also a considerable increase in phishing via malicious QR codes (“quishing”), comprising 2.7% of all phishing attacks.
By using QR codes to disguise malicious phishing sites, attackers were able to bypass most traditional security measures.
Moreover, attackers managed to exploit the inherent trust users have in QR codes, with a concerning 6% of all QR codes sent via email found to be malicious.
- “Another trend the report focuses on is two-step phishing, which witnessed a 175% surge in 2023. These attacks leverage legitimate services and websites to elude detection, exploiting the credibility of well-known domains.
- “By directing users to a legitimate website first and then redirecting them to a malicious site, attackers manage to bypass many security measures,” it said.