The H1 2024 Cybersecurity Trends & Insights report from Perception Point reveals a rapidly evolving cyber threat landscape, marked by a rise in each the sophistication and frequency of attacks. With a 24% rise in attacks per user in comparison with H1 2023, the report underscores the growing challenges organizations face in protecting their digital environments. We are going to take an in-depth have a look at the important thing findings from the report, offering an in depth evaluation of the newest trends, statistics, and the critical need for enhanced cybersecurity measures.
The Surge in Business Email Compromise (BEC) and Vendor Email Compromise (VEC)
Business Email Compromise (BEC) has emerged as one of the crucial significant threats in the primary half of 2024. BEC attacks, where cybercriminals impersonate high-level business figures to deceive employees into transferring funds or revealing confidential information, have grown by 42% year-over-year. These attacks increased from 15% of all email attacks in H1 2023 to 21% in H1 2024. The rise in BEC incidents highlights the effectiveness of social engineering techniques, which exploit human behavior fairly than technical vulnerabilities​.
Vendor Email Compromise (VEC), a particular style of BEC attack targeting vendor and provide chain communication, has seen a good sharper increase. VEC attacks have surged by 66% over the past yr, comprising 2% of all malicious email attacks in H1 2024. These attacks often involve account takeovers, where an attacker gains control of a vendor’s email account to send fraudulent payment instructions or request sensitive information from business partners. The trust-based nature of vendor relationships makes these attacks particularly dangerous, as they will bypass standard security measures​.
Phishing: The Dominant Threat Across Multiple Channels
Phishing continues to be probably the most pervasive cybersecurity threat, especially in email and web-based attacks. In H1 2024, phishing accounted for 75% of all malicious emails, maintaining its position as the highest email-based threat. That is consistent with H1 2023, reflecting the continuing preference of attackers for phishing as a reliable method to deceive users into disclosing sensitive information​.
Multi-step phishing, a tactic that uses redirection to evade detection, has turn into increasingly common. These sophisticated attacks rose by 175% in 2023 and have continued to be a big threat in 2024. Multi-step phishing often involves sending non-malicious links that later redirect to phishing pages, making these attacks harder to detect and block with traditional security measures​.
In web-based threats, phishing was answerable for 89% of all browser-based attacks in H1 2024, up from 83% in H1 2023. These attacks typically involve fake web sites or brand impersonations designed to steal personal information from users. The browser stays a critical vector for phishing as a result of its widespread use in accessing skilled tools and services​.
Shifting Attack Strategies: The Decline of Malware and Rise of Social Engineering
The report highlights a notable shift in attack strategies, with a decrease in traditional malware attacks and a rise in social engineering tactics like BEC and VEC. Malware-related email threats dropped to 4% of all email attacks in H1 2024, down from 11% in H1 2023. This decline suggests that attackers are increasingly specializing in exploiting human vulnerabilities fairly than deploying malicious software​.
Within the context of Microsoft 365 applications, malware accounted for 68% of attacks in H1 2024, up from 64% in H1 2023. Advanced attacks remained regular at 22%, while phishing attacks decreased to 10%, down from 14% within the previous yr. This means that while malware remains to be a big concern in cloud environments, there may be a growing emphasis on targeted, sophisticated attacks that exploit specific vulnerabilities inside collaboration platforms​.
Cloud Collaboration Tools: A Growing Goal for Cybercriminals
As organizations increasingly depend on cloud-based applications, these platforms have turn into prime targets for cyberattacks. Microsoft 365, Salesforce, and Zendesk have all experienced an increase in attack activity in H1 2024. Malware was probably the most common threat to Microsoft 365 apps, comprising 68% of all incidents, a rise from 64% in H1 2023. Advanced attacks remained at 22%, while phishing decreased to 10%​.
Salesforce, a vital tool for managing customer relationships, saw phishing attacks rise to 65% of all incidents in H1 2024, up from 53% within the previous yr. Malware accounted for 31% of attacks, a decrease from 42% in H1 2023, while advanced attacks barely decreased to 4%. These trends highlight the evolving tactics of attackers who’re specializing in exploiting cloud collaboration tools which are often less fortified than traditional IT infrastructure​.
Zendesk, a widely used customer support platform, also saw significant increases in phishing attacks, which made up 66% of threats in H1 2024, up from 40% in H1 2023. Malware attacks decreased to 26% from 43% the previous yr, while advanced attacks dropped to 7% from 17%. The report emphasizes the necessity for enhanced security measures to guard these platforms, as they represent critical points of interaction between organizations and their customers​.
The Role of Advanced Detection Technologies
Perception Point’s report also highlights the importance of advanced detection technologies in mitigating these evolving threats. The corporate’s AI-powered threat prevention platform, which incorporates tools just like the Recursive Unpacker and the HAPâ„¢ (Hybrid Evaluation Pipeline), plays a vital role in identifying and neutralizing sophisticated email and web-based attacks. The Recursive Unpacker, as an illustration, is able to dissecting deeply embedded links and files to uncover hidden threats, while the HAPâ„¢ intercepts and neutralizes unknown threats on the exploit stage, particularly in zero-day scenarios​.
For instance, in a single case, an attacker attempted to compromise a system by sending a quote request with an attached file that appeared legitimate. Nonetheless, Perception Point’s technology was in a position to decrypt the file, revealing a hidden URL that led to a Trojan malware. This level of deep evaluation is crucial for detecting and stopping probably the most sophisticated cyber threats before they may cause harm​.
Looking Forward: Predictions for H2 2024
As we move into the second half of 2024, phishing is predicted to stay probably the most significant threat, likely making up around three-quarters of all cyberattacks. This sustained prevalence underscores the necessity for robust phishing detection and prevention mechanisms. The report predicts that BEC and VEC attacks will proceed to extend, progressively replacing traditional malware as the first method for cybercriminals to breach organizations. These attacks, which exploit human behavior, are expected to pose a growing challenge to businesses globally​.
While advanced attacks are expected to stay a small percentage of overall incidents, their potential for significant damage makes them extremely dangerous. These sophisticated attacks often goal high-value assets and significant infrastructure, requiring organizations to adopt advanced detection and response strategies to guard against these threats​.
Conclusion
The H1 2024 Cybersecurity Trends & Insights report offers a comprehensive overview of the present cyber threat landscape, revealing significant increases in each the frequency and class of attacks. With the rise of social engineering tactics like BEC and VEC, and the continued dominance of phishing, organizations must adapt their cybersecurity strategies to deal with these evolving challenges. As cloud-based tools and collaboration platforms turn into more integral to business operations, the necessity for robust, multi-layered security solutions is more critical than ever. The insights from this report highlight the urgency of enhancing defenses to guard against the varied and increasingly complex threats facing today’s digital environments.
