Five reasons why email security is becoming even more of a challenge in 2024
From the humble QR code to ransomware-as-a-service, cybercriminals are continuing to find new ways of getting past your email defenses. These five trends all have the potential to significantly damage businesses in 2024 and beyond.
Trend 1. Fileless attacks
A growing number of malicious emails contain links to code that runs in RAM and exploits software already on the system. Instead of downloading executable code, these attacks corrupt genuine, trusted programs running in memory, such as Windows script programs or PowerShell. This makes the exploit harder to detect, and there are many different types, including fileless ransomware.
Trend 2. Ransomware-as-a-service
Ransomware attacks are a significant threat for businesses of any size. In 2023, it was reported that casino operator Caesars paid out a ransom worth $15 million, and that remediation following a ransomware attack cost the UK’s Royal Mail £10 million (they had refused to pay the ransom demand of £70 million, in line with legal advice).
The frequency and scale of this type of attack are set to increase even faster, as ransomware can now be obtained ‘as a service’ (RaaS). Developer skills are no longer needed – any cybercriminal can now ‘lease’ malware to launch ransomware attacks quickly and easily.
Trend 3. Use of AI, ML and ChatGPT
“AI is being used to mimic humans in order to fool humans.”
There seems to be little doubt that AI will continue to increase phishing attempts and make many of them harder to spot. As well as automating email generation to increase output, AI could also be used for more effective spear phishing, and can help many cybercriminals to ‘raise their game’ when it comes to creating realistic phishing emails. The quality of graphics can easily be improved, and AI-generated text will significantly improve grammar and spelling, whatever the target’s language may be.
“It used to be so easy to spot phishing emails from their typos and amateur design. Now you need the right training and technology in place to stop realistic-looking scams from getting through.”
Paolo Frizzi – CEO, Libraesva
Deepfake audio and video will also become more commonplace. Since 2022, the FBI has been warning about the increasing use of deepfakes and stolen personally identifiable information to impersonate or misrepresent others, and it places an emphasis on the importance of having the right technology and training in place.
“The increasing availability and efficiency of synthetic media techniques available to less capable malicious cyber actors indicate these types of techniques will likely increase in frequency and sophistication.”
In its January 2024 assessment of the near-term impact of AI on the cyber threat, the UK National Cyber Security Centre observes that the impact of successful attacks may also increase “because threat actors will be able to analyze exfiltrated data faster and more effectively, and use it to train AI models”.
Trend 4. Malicious use of QR codes
Routine use of QR codes has increased since the pandemic, and now cybercriminals are using them to lead people to fake websites. They encourage smartphone users to scan a QR code from an email (or in print), often under the guise of ‘secure your account’ messages, promotional offers, or user surveys. An unsuspecting victim will confirm their details, as requested, providing the scammer with passwords or personally identifiable information.
Trend 5. Lack of action by many businesses
Unfortunately, many companies will carry on as they have always done – it’s a trend we see every year. Whatever type of business you operate, it’s essential to have your email security regularly reviewed and updated to ensure you have the latest solutions to meet the evolving challenges that we face today. Prevention is better than cure every time.