TLDR:
– Phishing emails are still a top cyber threat despite MFA
– Abnormal Security’s analysis shows a 50% increase in email attacks from H2 2023 to H1 2024
Phishing emails continue to be a major cybersecurity threat, even with the implementation of Multi-factor Authentication (MFA). Abnormal Security’s analysis reveals a 50% increase in email attacks from the second half of 2023 to the first half of 2024, with attacks per thousand mailboxes jumping from 139 to 208. These attacks are successful because MFA, while helpful, is not foolproof and can be bypassed in various ways. Criminals are using freely available tools and platforms to impersonate trusted contacts and trick employees into divulging sensitive information.
Despite the potential for AI to enhance the sophistication of phishing attacks, the current increase in attacks is more likely attributed to a shift in criminal strategies rather than the adoption of AI. Attackers are leveraging popular platforms and plausible pretexts to carry out attacks, with a particular focus on file-sharing phishing attacks, which have seen a 350% increase year over year. Additionally, attackers are exploiting flaws in Software as a Service (SaaS) platforms, signing up for free trials to conduct attacks repetitively.
While the use of AI to scale attacks remains limited, the potential for more targeted attacks, such as Business Email Compromise (BEC) and Vendor Email Compromise (VEC), is evident. The increase in these types of attacks signals the need for organizations to remain vigilant and continuously update their cybersecurity practices to combat evolving threats. Abnormal Security’s recent Series D funding round highlights the growing importance of combatting phishing and social engineering attacks in today’s cybersecurity landscape.