Email is the most widely used communication channel across the corporate landscape. Unfortunately, email threats also are among the most dangerous from a cybersecurity standpoint.
Because of its ongoing widespread usage, cybercriminals focus their efforts on email exploits that lure unsuspecting users into succumbing to their schemes.
Organizations that know cybercriminals lean heavily on email campaigns for their attacks are turning to MSPs to help them thwart email threats and keep their operations safeguarded. However, cybercriminals always adapt, constantly devising new ways of exploiting unsuspecting organizations for a huge payday.
To ensure customers are protected from every possible angle, MSPs should familiarize themselves with three lesser-known email attack methods on the rise in 2024 and provide their customers with the right defense.
Phishing with AI
Email threats were more recognizable in the past. Cybercriminals put little effort into crafting convincing text, making it easy for employees to dismiss attempts as spam.
But thanks to the debut of generative AI, threat actors can now easily create compelling emails that mimic human-written text, making it more difficult for employees to notice social engineering tricks.
These tactics extend beyond written text; using AI tools, threat actors can create realistic audio and visuals to persuade targets into giving out personal information, work credentials, or opening files with malicious software like ransomware. With the affordable and accessible technology, expect cybercriminals to lean on GenAI in the coming year.
Daniel Blank
To reduce the likelihood of a successful phishing attack, MSPs should provide organizations with an automated service that offers ongoing employee training on spotting unusual activity. Additionally, they can help organizations define a strategy for informing IT support of any suspicious behavior to quickly take mitigation steps.
MFA Bypass
Threat actors previously had enormous success gaining access to corporate accounts through simple password strings or stored passwords that employees failed to secure. But the vulnerability of traditional passwords prompted the corporate world to adopt multi-factor authentication (MFA) as a secondary security measure.
MFA makes it harder to gain access, however, determined cybercriminals can still bypass these measures. Social engineering can persuade unsuspecting users into sharing authentication codes. MFA bypass kits and reverse-proxy-style attacks also help cybercriminals gain access, allowing them to create fake login screens that employees use to authenticate cloud services.
MSPs should ensure their clients are aware of MFA bypass attacks. Advocate for continued security awareness training and the implementation of a trusted email security solution to reduce the likelihood of a social engineering attempt.
QR Codes
Businesses often post QR codes in public spaces like stores or restaurants, allowing users to pull up a link to a website using the camera on their mobile device. It’s a convenient way to get to important information, which is why QR codes now can access some business applications.
QR codes have risen in popularity with threat actors since society has inadvertently trained people to readily scan them in a post-pandemic world. Naturally, cybercriminals have capitalized on this trend by using QR codes in emails to trick employees into browsing malicious websites to either gather information (like credit card details) or to harvest login credentials.
Because QR codes are relatively simple to create, threat actors can create them using malicious links or software (like ransomware) to permeate IT systems. What’s worse, most email scanning tools cannot analyze the links within these codes.
MSPs should act as trusted advisors to their customers by providing a solution that scans QR codes. This process can be done before the offending QR code hits an end user’s inbox, so that employees aren’t even allowed to scan it.
Cybercriminals will shift their attack strategies to take advantage of organizations that do not keep their security posture in line. MSPs must stay up to date on the latest developments and use the right solutions to protect their customers, as well as offer proper guidance on best practices to mitigate cyber risk. With the right measures in place, they can defend their customers against attack vectors that bypass cybersecurity software.
Daniel Blank is COO of Hornetsecurity. He has over 15 years of experience selling complex IT products, and 15-plus years of various managerial positions in the cloud security environment.
Image: iStock
