A recent Abnormal report analyzed the increase in email attacks in the first half of 2023. Examining data since 2013, the report identified a massive increase in third-party applications (apps) integrated with email, underscoring the proliferation of an emerging threat vector that cybercriminals are exploiting as they continue to shift their tactics.
The number of integrated third-party apps continued to rise in the first half of 2023 (between January and June), during which time researchers also observed overall increases in business email compromise (BEC) and vendor email compromise (VEC) attacks, continuing a trend that has persisted over the last five years.
The research showed that the average organization integrates 379 third-party apps with email — a 128% increase since 2020. And for large enterprises with 30,000+ employees, the number of integrated third-party apps shoots up to 3,973, on average. These include apps for collaboration, productivity, development, social networking, security, and more. Across the integrated third-party applications, 37% have high-risk permissions, such as the ability to create and delete emails or users, and even reset user passwords.
The report also showed a rise in both BEC and VEC attacks in the first half of 2023. BEC attacks increased by 55% over the previous six months, and nearly half (48%) of all organizations received at least one VEC attack during that same time frame.
Additional findings from the first half of the year include:
- A 34% increase in VEC attacks over the previous two halves.
- BEC attacks outpaced malware in a reversal of findings from the previous half.
- There is a 90%+ chance of receiving at least one BEC attack and a 76% chance of receiving at least one VEC attack each week for organizations with 5,000+ mailboxes.
- The technology industry is the most popular target for BEC attacks, while advertising/marketing is the most popular target for VEC attacks. Other popular targets for BEC attacks include construction, advertising/marketing, finance, transportation and media/entertainment.
Read the full report here.