SMBs are still being disproportionately targeted by cyber criminals, with their employees four times more likely to encounter a cyber threat than those at a large organisation, according to Mimecast’s new Global Threat Intelligence Report 2024 H1.
While large enterprises may be considered a more fruitful target for scammers, it’s SMBs that are seeing the most frequent cyber threats. Overall, small and medium businesses saw a peak in attacks in the first quarter (40 and 31 threats per user, respectively), while large enterprises saw fewer threats per user (TPUs) overall – about 11 TPU.
Looking at businesses of all sizes, the average number of TPUs declined by about a third, dropping from 19 TPUs on average during Q4 2023 to 14 TPUs in the latest quarter (Q2 2024).
Threat actors link up
Messaging attacks continue to evolve, with hackers moving away from pushing malware to using malicious links as the preferred method of delivering payloads to victims’ systems. In fact, Mimecast’s analysis found malicious links surged by 133% in the first quarter of 2024 and 53% in the second quarter, compared to the same period in 2023.
Attacks are increasingly employing multiple layers of false information requiring more interaction from victims, who are forced to click through links, respond to CAPTCHAs, and engage with false multi-factor authentication requests. Additional obfuscation layers allow these types of attacks to fly under the radar, gaining entry where malware would be denied.
During the first half of the year, a campaign targeting Australian law firms used confusing URLs in email messages to send users to an intermediate page on one of several collaboration platforms. Clicking the link on that page redirected victims to a fake Microsoft login page set up to capture their credentials.
AI-enabled scams emerge
Attackers are more often using generative AI to create phishing templates. However, in one case, attackers targeted corporate employees by sending 380,000 emails with an attached PDF document. Clicking on the file opens the PDF in a web browser and displays a page hosted on an AI development service.
AI-driven attacks are not just impacting businesses. Attackers are increasingly targeting consumers by using Microsoft distribution lists to send mass emails that pass security checks and notify recipients of an imminent deduction or charge, prompting them to contact an AI bot call center that collects their information. In May 2024, Mimecast detected more than 1.6 million email messages in this type of campaign.
Small businesses remain the prime target for cyber threats
As observed in the Q4 2023 report, small businesses experience the highest volume of cyber threats; Mimecast saw this peak at 40 threats per user (TPU) in Q1 2024. Employees at both small and medium businesses continue to see more than twice the number of threats compared to users at large enterprises.
Analyzing businesses of all sizes, the average number of TPUs declined by about a third, dropping from 19 TPUs on average during Q4 2023 to 14 TPUs in the latest quarter (Q2 2024). The threats impacting large enterprises declined in the first quarter, but slightly jumped in the second quarter of this year.
“Email and collaboration tools are often seen merely as cost centers, but this overlooks their essential role in cybersecurity,” says Mick Paisley, Chief Security & Resilience Officer at Mimecast. “By optimizing email security, organizations can achieve significant cost efficiencies while ensuring robust protection against emerging threats. This approach is crucial not only for minimizing cyber risks but also for maintaining the productivity and safety of your organization.”
For more insights and recommendations from our team, download the full report: Mimecast’s Global Threat Intelligence Report 2024 H1.