Cybersecurity News in Asia

Features
- Featured
  
  Will the billions lost in financial scams lead to better vigilance and accountability?
  
  Tuesday, November 19, 2024, 2:30 PM Asia/Singapore | Features, Newsletter
- Featured
  
  Impact of downtime and security workflows on cloud strategies
  
  Tuesday, November 19, 2024, 2:26 PM Asia/Singapore | Features, Newsletter
- Featured
  
  Being ready – when and where ransomware may strike next
  
  Tuesday, November 19, 2024, 2:15 PM Asia/Singapore | Features, Malware & Ransomware
News
- Featured
  
  Skyrocketing identity theft and deepfake abuse: a sign of more to come?
  
  Friday, November 22, 2024, 11:19 AM Asia/Singapore | News, Newsletter
- Featured
  
  No limit for number of blocked sites in Singapore
  
  Tuesday, November 19, 2024, 9:15 AM Asia/Singapore | News, Newsletter, Opinions
- Featured
  
  Banking professionals least likely to use generative AI at work: analysis
  
  Monday, November 18, 2024, 10:28 AM Asia/Singapore | News, Newsletter
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

Cybercriminals tap GenAI, URL link shorteners and social engineering hijacking tactics

By CybersecAsia editors | Tuesday, July 2, 2024, 1:39 PM Asia/Singapore

In a cybersecurity firm’s 2023 email attack incident data, various tactics to evade detection and boost scale were analyzed

Based on its own user ecosystem metrics, a cybersecurity firm has reported fending off 69m attacks on 4.5m mailboxes over a year, with hints of cybercriminals adapting their tactics and taking advantage of generative AI (GenAI) to help them scale their attacks, bypass traditional security measures, and target and trick potential victims.

Among the attacks analyzed, business email compromise (BEC) attacks accounted for 10.6% of the total, while comprising 8% of all social engineering attacks in 2022.

Meanwhile, “conversation hijacking”, comprising 0.5% of all social engineering attacks in 2023, was found to have increased by almost 70% in the firm’s protection ecosystem since 2022. Conversation hijacking attacks require a lot of effort to execute, but the payouts can be significant.

Other findings

In the last quarter of the analyzed metrics, around one in 20 mailboxes had been targeted with “QR code attacks”. The latter are difficult to detect using traditional email filtering methods. They also led victims away from corporate machines and forced them to use a personal device, such as a phone or iPad, which were not protected by corporate security software.

Another finding was that Gmail was the most popular free webmail service used for social engineering in the attacks analyzed, accounting for 22% of the domains used for social engineering attacks. Just over half the detected Gmail attacks had been used for BEC attacks.

Finally, nearly 40% of social engineering attacks analyzed involved the use of the URL-shortening service bit.ly.

According to Sheila Hara, Senior Director, Product Management, Barracuda Networks, the firm disclosing its metrics analysis: “IT and security professionals need to stay focused on the evolution of email threats and what this means for security measures and incident response. This involves understanding how attackers can leverage GenAI to advance and scale their activities, and the latest tactics they’re using to make it past security controls.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Mitigating Ransomware Risks with GRC Automation
In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper
2024 Gartner® Magic Quadrant™ for SD-WAN
Gartner® has positioned Fortinet highest for Ability to Execute for the fourth year in a …Download Whitepaper
5 Cybersecurity Dashboards for CISOs
Are you ready to transform your cybersecurity approach? With Commugen's 5 Cybersecurity Dashboards for CIOs, …Download Whitepaper
CISO’s Toolbox for Managing AI Risks
As AI reshapes industries, it also introduces a new frontier of risks that demand immediate …Download Whitepaper

Middle-sidebar-banner

Case Studies

Unlock Your Guide to Securing Business Critical Secrets
Is your organization effectively managing access to sensitive secrets like credentials, API keys, and certificates …Read more
RBL Finserve boosts control of growing number of identities in its multi-cloud environment
By adopting a third-party identity security platform, the Indian financial institution expects to leverage zero …Read more
MAX Solutions safeguards data for digital transformation with Veeam
One of the largest employment providers in Australia needed to protect data while reducing complexity …Read more
Adding secure automatic multi-factor authentication boosts customer experience: Tiger Brokers
Can tightening identity security degrade customer experience? In this case study, an online trading platform …Read more

Cybersecurity News in Asia

Featured

Will the billions lost in financial scams lead to better vigilance and accountability?

Featured

Impact of downtime and security workflows on cloud strategies

Featured

Being ready – when and where ransomware may strike next

Featured

Skyrocketing identity theft and deepfake abuse: a sign of more to come?

Featured

No limit for number of blocked sites in Singapore

Featured

Banking professionals least likely to use generative AI at work: analysis

Cybercriminals tap GenAI, URL link shorteners and social engineering hijacking tactics

In a cybersecurity firm’s 2023 email attack incident data, various tactics to evade detection and boost scale were analyzed

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar