Why email is the major villain in cybersecurity
In the age of social media, emails may seem outdated, but not to digital criminals. In the first half of this year, email attacks on organizations worldwide surged 293% compared to the same period last year, becoming one of the primary sources of digital threats, according to a semi-annual study by Swiss cybersecurity firm Acronis. This increase reflects the growing use of email by companies. From January to June, email traffic rose by 25%, contradicting the notion that email was on the brink of extinction. Unsolicited messages, or spam, accounted for one in every three emails, and 1.5% of the traffic contained some type of digital risk.
“It’s a global phenomenon driven by several factors. The main one is the human factor, which continues to be the biggest vector for cybercriminal success. They just need to get someone to click on a fake link or enter a password in the wrong place,” said Ezekiel Steiner, CEO of Acronis. “Today, with artificial intelligence tools, it’s possible to launch an email attack very easily and almost at no cost.”
During the semester, 40% of individuals faced at least one email attack at the office. “Phishing” was the most used method, accounting for 26% of attempts. The term originates from the verb “to fish.” Scammers send messages with a link that, when clicked, directs the victim to a site that mimics a genuine email address. This allows cybercriminals to obtain financial data and confidential information. Viruses received via email accounted for another 13% of cases.
These incidents are often characterized by the use of social engineering, a set of techniques employed to reduce the victim’s suspicion. The message may, for example, appear to come from a colleague, family member, or reputable institution.
A case that illustrates this trend well is the soccer scam, which spread rapidly in Europe. Fans received emails claiming they were among the winners of a promotion attributed to the UEFA Euro 2024 tournament. Upon clicking the link, the victim was redirected to a page with questions about the tournament. Regardless of the answer given, they received a message saying they had won and could purchase a MacBook Pro for just €2. Once the form was filled out, the criminals stole credit card details.
The study was based on the evaluation of over one million “endpoints,” or network entry points, focusing on devices with the Windows operating system, the most widespread in the global computer landscape.
AI can contribute to the success of cybercrime in various ways. Many scams are avoided because the messages are poorly written and contain gross grammatical errors. However, with the help of AI, it is predicted that they will become more difficult to detect and, therefore, potentially more damaging. “AI tools make the email appear legitimate. And how much does this cost the criminal? Just a few hours of preparation and a few dollars for encryption or some other service,” said Mr. Steiner.
The study describes two types of AI-driven attacks. The more common type uses artificial intelligence as an automation tool to create malware, such as viruses and Trojan horses, but the attacks themselves do not incorporate artificial intelligence. The second type includes integrated AI, allowing threats to analyze the environment and adapt as circumstances change. “But for now, this is rare and only seen in very sophisticated attacks,” said the CEO of Acronis.
In the case of viruses, while in nature the trend is for them to become more resistant, in cyberspace the opposite occurs. Malware has never had such a short lifespan, the report says. In June, samples collected by Acronis remained active for an average of 2.3 days before disappearing. The reason? As companies adopt more efficient protection systems, attackers know that viruses will be quickly detected, sometimes in a matter of hours. Therefore, they use automation tools to multiply the number of threats and victimize as many as possible before the invasive programs are detected and countered. Of the samples analyzed by Acronis, 82% were seen only once.
Ransomware, where criminals infiltrate an organization’s systems and encrypt essential data, demanding a ransom for the decryption key, remains prevalent. In the past semester, one of the most active ransomware gangs was dismantled by a task force led by the United Kingdom’s National Crime Agency. Authorities took control of 34 servers from the LockBit group, 14,000 accounts used to store stolen data, 200 cryptocurrency wallets, and a thousand decryption keys. However, weeks later, despite the arrest of several members, the gang resumed its activities.
“Criminals are everywhere. Arrest one, and ten more appear to take their place,” said Mr. Steiner. The severity of the situation has prompted discussions about creating transnational laws to combat cybercrime, which would require intense diplomatic efforts and a long maturation period for the rules. “The question is whether something can be done on an international level to protect the public, companies, and the economy, but I wouldn’t bet all my chips on that hypothesis,” said the executive. “Enhancing defenses is the best course of action now rather than waiting for the international community to organize.”