Listen to this blog post below
Follow this article to stay informed on how malicious actors execute new-age email scams, including AI-driven attacks. Use this information to strengthen your cybersecurity defenses.
Perception Point: AI Is the Future of Email Attacks, Businesses Fear Impact
9 of 10 businesses reported encountering artificial intelligence (AI) based email cyberattacks. Additionally, eight out of ten believe threat actors will keep using AI to compromise existing security measures.
Perception Point, a firm providing advanced threat protection across various digital communication channels, said the report “The Role of AI in email Security” provides critical insights on the “sudden” rise in malicious actors’ use of AI to execute business email compromise attacks.
The report also includes the methods businesses can use to counter these modern threats. According to the study, organizations that ranked AI as “critical” to their email defenses increased by over four times in the past 12 months.
The following are the findings from the study:
- Nearly 4 out of 5 businesses ranked managing email security risks among the prominent three priorities for their organization compared to other security and risk initiatives.
- 97% of organizations have implemented AI-driven email security because their legacy systems were ineffective against AI-enabled threats.
- AI-driven email security buyers also want to protect other collaboration and communication apps better, like Microsoft Teams, OneDrive, Zoom, SharePoint, Slack, and Salesforce, with AI.
Image sourced from bmc.com
Sextortion Emails Increase by 178% to Become the Third Top Email Threat
An ESET study has revealed that sextortion scams via email have increased by 178% in the first half of 2023 compared to the same period last year. Thus, sextortion has risen to the third level among top email-based threats.
The scam involves threat actors sending emails to prospective victims claiming that the former possessed explicit images or videos of the recipient. They ask for money so they won’t post sensitive content online. However, as per ESET, the threats are hollow; malicious actors sending the emails do not often have any private media of the recipients with them.
That said, a more severe form of the scam must be expected wherein threat actors can use deepfake technology to create fake explicit content of people to use for sextortion. As per the FBI, such content will be difficult to remove from the internet once it starts circulating online.
Barracuda’s Email Appliances Still Vulnerable Despite Patch
A recent FBI warning states that Barracuda’s Email Security Gateway (ESG) appliances remain vulnerable to threats from suspected Chinese malicious actors despite a recent patch.
The threat had been first active since October 2022, exploiting a zero-day vulnerability labeled CVE-2023-2868 that provided adversaries with privileges on ESG appliances, potentially affecting many customers using the device. The flaw stayed undetected until it was recently discovered and patched.
However, the new finding says that the threat actors, named UNC4841 by Google Mandiant, still use the flaw to infiltrate the affected ESG appliances. The remote command injection flaw appears in ESG appliances with versions from 5.1.3.001 to 9.2.0.006 and gives threat actors administrator privileges to execute system commands remotely.
As per Barracuda, a specific notification helps customers identify the flawed appliances. Barracuda urges customers using affected ESG appliances to contact Barracuda for a free replacement.
Experian Fined by the US Regulator $650K Over Sales emails
The Federal Trade Commission has slapped a fine of $650,000 on Experian Consumer Services and imposed an injunction for sending unsolicited emails to its customers. The impacted users had created free Experian accounts for third-party access to their credit reports.
The emails asked users to confirm if a car that Experian had linked with the victim’s account was theirs, offering a free service to boost the user’s credit score and advertising a free dark web scan.
The US Department of Justice (DoJ) said, “The emails did not offer the recipients any opt-out mechanism if they did not want to receive such emails in the future.” It added, “According to the complaint, the emails implied that they had customers’ crucial information, even if it was commercial.”
After receiving several consumer complaints that these emails did not offer any opt-out mechanism, the government swung into action.