Social engineering attacks also continue to grow, with BEC attacks increasing by 55% and nearly half of all organizations receiving at least one VEC attack since January

Abnormal Security, the leading behavioral AI-based email security platform, today released its H2 2023 Email Threat Report, revealing how email attacks have increased in both sophistication and volume since the start of the year.

Examining data since 2013, Abnormal identified a massive increase in third-party applications (apps) integrated with email, underscoring the proliferation of an emerging threat vector that cybercriminals are exploiting as they continue to shift their tactics.

The number of integrated third-party apps continued to rise in the first half of 2023 (between January and June), during which time Abnormal also observed overall increases in business email compromise (BEC) and vendor email compromise (VEC) attacks, continuing a trend that has persisted over the last five years.

Connected Third-Party Applications Are Growing, Increasing Undue Risk

Abnormal’s research showed that the average organization integrates 379 third-party apps with email—a 128% increase since 2020. And for large enterprises with 30,000+ employees, the number of integrated third-party apps shoots up to 3,973, on average. These include apps for collaboration, productivity, development, social networking, security, and more.

“So many of today’s organizations lack visibility into connected third-party apps within their email environment, and attackers are taking note,” said Mike Britton, chief information security officer at Abnormal. “Historically, cybercriminals relied on sending credential phishing links via inbound email to access and compromise accounts. But as more security leaders began locking down this ‘front door’ with solutions to detect those malicious messages, attackers have adapted their tactics. Now, they’re increasingly targeting email ‘side doors’ via third-party app integrations to compromise accounts and read emails undetected.”

Across the integrated third-party applications, 37% have high-risk permissions, such as the ability to create and delete emails or users, and even reset user passwords. Britton continued, “These findings show us just how important it is for security teams to understand which apps are connected to email and what permissions they’ve been assigned. Understanding risk is the first step in ongoing efforts to manage security posture.”

BEC and VEC Attack Volumes Continue to Increase

The report also showed a rise in both BEC and VEC attacks in the first half of 2023. BEC attacks increased by 55% over the previous six months, and nearly half (48%) of all organizations received at least one VEC attack during that same time frame.

Additional findings from the first half of the year include:

• A 34% increase in VEC attacks over the previous two halves.
• BEC attacks outpaced malware in a reversal of findings from the previous half.
• Large organizations are especially at risk. There is a 90%+ chance of receiving at least one BEC attack and a 76% chance of receiving at least one VEC attack each week for organizations with 5,000+ mailboxes.
• The technology industry is the most popular target for BEC attacks, while advertising/marketing is the most popular target for VEC attacks. Other popular targets for BEC attacks include construction, advertising/marketing, finance, transportation, and media/entertainment.

“The fact that BEC and VEC attacks are continuing to grow—despite more security awareness and continued advancements in legacy security tools—shows us that email is still one of the easiest ways to infiltrate organizations,” said Britton. “And with the rise of generative AI tools like ChatGPT to help craft these emails, it’s only getting easier for threat actors to keep scaling their attacks in sophistication and in volume.”

Britton continued, “The report’s findings reveal a concerning combination of threats that is making email an increasingly vulnerable target. Between emerging threat vectors like connected third-party apps, and persistent attack tactics like BEC and VEC, one thing is clear: there are more surfaces to protect, and organizations need to have their bases covered.”

You can download the full H2 2023 Email Threat Report here.

Abnormal provides an intelligent cloud email security solution that can precisely detect and block inbound email attacks and email platform attacks. To see the Abnormal platform in action, visit us at Black Hat USA 2023 at Booth #2460 or request a virtual demo.

About Abnormal Security

Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230802820583/en/