Abnormal Security released its H2 2023 Email Threat Report, revealing how email attacks have increased in both sophistication and volume since the start of the year.

Examining data since 2013, Abnormal identified a massive increase in third-party applications (apps) integrated with email, underscoring the proliferation of an emerging threat vector that cybercriminals are exploiting as they continue to shift their tactics.

The number of integrated third-party apps continued to rise in the first half of 2023 (between January and June), during which time Abnormal also observed overall increases in business email compromise (BEC) and vendor email compromise (VEC) attacks, continuing a trend that has persisted over the last five years.

Connected Third-Party Applications Are Growing, Increasing Undue Risk

Abnormal's research showed that the average organization integrates 379 third-party apps with email-a 128% increase since 2020. And for large enterprises with 30,000+ employees, the number of integrated third-party apps shoots up to 3,973, on average. These include apps for collaboration, productivity, development, social networking, security, and more.

"So many of today's organizations lack visibility into connected third-party apps within their email environment, and attackers are taking note," said Mike Britton, chief information security officer at Abnormal. "Historically, cybercriminals relied on sending credential phishing links via inbound email to access and compromise accounts. But as more security leaders began locking down this ‘front door' with solutions to detect those malicious messages, attackers have adapted their tactics. Now, they're increasingly targeting email ‘side doors' via third-party app integrations to compromise accounts and read emails undetected."

Across the integrated third-party applications, 37% have high-risk permissions, such as the ability to create and delete emails or users, and even reset user passwords. Britton continued, "These findings show us just how important it is for security teams to understand which apps are connected to email and what permissions they've been assigned. Understanding risk is the first step in ongoing efforts to manage security posture."

BEC and VEC Attack Volumes Continue to Increase

The report also showed a rise in both BEC and VEC attacks in the first half of 2023. BEC attacks increased by 55% over the previous six months, and nearly half (48%) of all organizations received at least one VEC attack during that same time frame.

Additional findings from the first half of the year include:

• A 34% increase in VEC attacks over the previous two halves.
• BEC attacks outpaced malware in a reversal of findings from the previous half.
• Large organizations are especially at risk. There is a 90%+ chance of receiving at least one BEC attack and a 76% chance of receiving at least one VEC attack each week for organizations with 5,000+ mailboxes.
• The technology industry is the most popular target for BEC attacks, while advertising/marketing is the most popular target for VEC attacks. Other popular targets for BEC attacks include construction, advertising/marketing, finance, transportation, and media/entertainment.

"The fact that BEC and VEC attacks are continuing to grow-despite more security awareness and continued advancements in legacy security tools-shows us that email is still one of the easiest ways to infiltrate organizations," said Britton. "And with the rise of generative AI tools like ChatGPT to help craft these emails, it's only getting easier for threat actors to keep scaling their attacks in sophistication and in volume."

Britton continued, "The report's findings reveal a concerning combination of threats that is making email an increasingly vulnerable target. Between emerging threat vectors like connected third-party apps, and persistent attack tactics like BEC and VEC, one thing is clear: there are more surfaces to protect, and organizations need to have their bases covered."

You can download the full H2 2023 Email Threat Report here.