August 14, 2024 at 11:16AM
Email attacks have dramatically increased, with Abnormal Security’s H1 2024 analysis showing a 50% rise from H2 2023. CISO Mike Britton discusses the limitations of Multi-Factor Authentication (MFA), reasons for email attacks’ popularity, and the potential impact of AI on phishing. The report also highlights the surge in file-sharing attacks and the role of SaaS in enabling adversaries.
The meeting notes discuss the increased prevalence of email attacks, particularly through social engineering and phishing tactics. Despite the common recommendation of using multi-factor authentication (MFA) for security, it is mentioned that MFA is not a foolproof solution and can be vulnerable to certain attacks. The growth in email attacks is attributed to a shift in criminal strategy rather than just the adoption of AI. Attackers are leveraging popular platforms, engaging in file-sharing phishing attacks, and exploiting flaws in Software as a Service (SaaS) models. The potential for AI in more targeted attacks is noted, particularly in business email compromise (BEC) and vendor email compromise (VEC), although such usage remains rare. The success of email attacks is attributed to the human brain’s tendency to trust familiar links and platforms. The meeting notes also mention Abnormal Security’s recent Series D funding round.