Aug 10 / ITCPE Team

Surge in Email Attacks and Third-Party App Risks Revealed by Abnormal Security Report

Recent Months Witness Surge in Complexity and Volume of Email-Centric Cyberattacks: Abnormal Security Report

A recent report from Abnormal Security highlights a notable surge in the intricacy and frequency of email-based cyberattacks. These developments draw attention to the mounting concern regarding risks linked to third-party applications in this domain.

A thorough analysis of data spanning from 2013 has enabled Abnormal Security to identify a substantial upswing in the integration of third-party applications (apps) into email systems. This underscores the escalating vulnerability that cybercriminals are exploiting as they refine their tactics.

Risk Imposed by Third-Party Applications
Throughout the initial half of 2023 (spanning from January to June), there has been a consistent rise in the integration of third-party applications. Additionally, Abnormal Security's findings reveal an overarching escalation in incidents related to business email compromise (BEC) and vendor email compromise (VEC) attacks during this period, affirming an ongoing trend observed over the past five years.

The comprehensive research by Abnormal Security discloses that, on average, organizations now integrate 379 third-party apps with their email infrastructures—a remarkable 128% surge since 2020. In the case of large enterprises boasting over 30,000 employees, the average count of integrated third-party apps surges significantly to 3,973. These apps encompass a diverse array of categories, including collaboration, productivity, development, social networking, security, and more.

Mike Britton, Chief Information Security Officer at Abnormal Security, pointed out, "Numerous contemporary organizations remain unaware of the extent of third-party app integration within their email frameworks, a fact that has not eluded the attention of malicious actors." Britton continued, "Historically, cybercriminals relied on deploying phishing links through incoming emails to gain illicit access and compromise accounts. However, with security leaders progressively bolstering this 'primary entry point' through solutions aimed at detecting malevolent messages, attackers have adjusted their strategies. Their emphasis has now shifted towards exploiting 'secondary entry points' by capitalizing on third-party app integrations to surreptitiously compromise accounts and gain access to emails without arousing suspicion."

Approximately 37% of these integrated third-party applications hold high-risk permissions, which grant capabilities such as creating and deleting emails or users, and even resetting user passwords. Britton emphasized, "These findings underscore the paramount importance for security teams to possess a comprehensive comprehension of the interconnected apps within the email ecosystem and the associated permissions. Cultivating an understanding of potential risks serves as the initial stride in ongoing endeavors to fortify security stance."

Emerging Patterns in BEC and VEC Attacks
The report additionally brings to light a pronounced upswing in both BEC and VEC attacks during the initial half of 2023. BEC attacks have surged by 55% in comparison to the preceding six months, while 48% of all organizations have encountered at least one VEC attack within the same timeframe.

Further insights from the initial half of the year encompass:

A 34% increase in VEC attacks compared to the preceding two halves.

BEC attacks surpassing instances of malware, indicating a reversal from the prior half's conclusions.

Larger organizations face amplified risks, with those possessing over 5,000 mailboxes facing a probability exceeding 90% of encountering a BEC attack on a weekly basis, coupled with a 76% likelihood of a VEC attack during the same timeframe.

Across diverse industries, the technology sector remains the principal target for BEC attacks, while advertising and marketing encounter the highest frequency of VEC attacks.

Additional sectors susceptible to BEC attacks encompass construction, finance, transportation, and media/entertainment.

In conclusion, Britton emphasized, "The sustained expansion of BEC and VEC attacks, notwithstanding the heightened security awareness and advancements in established security tools, underscores the persistent susceptibility of email as an avenue for penetrating organizations." He observed, "With the advent of generative AI tools like ChatGPT facilitating the composition of these deceitful emails, threat actors are finding it progressively effortless to elevate both the sophistication and frequency of their attacks."
