email threats, malware, phishing attack

Why MSPs Need To Stay Focused on Email Threats

Cybersecurity is a critical issue for most MSPs, and that doesn’t seem likely to change anytime soon. The development of generative AI has helped strengthen MSPs’ defenses, but it is also improving attackers’ malware. Barracuda recently released their Email Threats and Trends Report, which shows the alarming rates and ways in which threat actors are continuing to develop their attack methods. 

“IT and security professionals need to stay focused on the evolution of email threats and what this means for security measures and incident response,” said Sheila Hara, senior director of product management at Barracuda, in a press statement. “This involves understanding how attackers can leverage generative AI to advance and scale their activities, and the latest tactics they’re using to make it past security controls.” 

Social Engineering Trends 

Social engineering was responsible for 69 million cyberattacks over the last year. 

Conversation hijacking. While only consisting of 0.5% of all the social engineering attacks studied, the conversation hijacking method has increased in frequency by 70% over the last year. Conversation hijacking usually consists of attackers stealing login credentials and reading virtual correspondence to successfully impersonate executives. While much more labor intensive than the average phishing attack, the payout can be huge. 

Phishing. Phishing attacks made up 35.5% of all socially engineered email threats last year. While many MSPs know and actively educate their customers about the dangers of phishing attacks, the attacks are getting much harder to spot. Hackers have begun shortening URLs, using redirects, and hosting malicious links on document sharing sites to outsmart email security software. And with the accessibility of programs like ChatGPT and Grammarly, simply looking for typos and poor grammar isn’t always a surefire method to spot malicious emails anymore. 

Don’t Get Quished 

QR codes have made sharing information far more efficient, but they’ve also created a new avenue for attackers. The frequency of QR codes phishing attacks, or quishing, rose sharply at the end of 2023. 

This is so insidious because the format of QR codes can’t be scanned by typical email scanning software—there are no embedded documents or links to check. Additionally, quishing forces victims to use a personal device, such as their phone, to scan the QR code sent to their company computer, easily bypassing all of the company’s cybersecurity defenses. Barracuda’s researchers found that roughly 1 in 20 mailboxes were targeted with malicious QR codes in the last quarter of 2023 

Generative AI’s Impact 

Since ChatGPT’s public release in late 2022, the accessibility of generative AI tools has made it increasingly more difficult to tell when emails are actually phishing attacks. This is because generative AI allows attackers to fairly easily create tailored, relevant messages for their intended victims, with proper spelling, grammar, and phrasing. Additionally, cyberattackers are also utilizing tools available via the dark web, such as WormGPT and DarkBERT to create copy and generate malicious code. 

Thankfully, while generative AI has rapidly evolved the sophistication of cybercrime, it is also rapidly improving cybersecurity defenses and detection abilities. This is why it’s so important for MSPs to stay on top of AI development; for more details about the anticipated future of AI, check out Nick Heddy’s keynote from Pax8 Beyond.



Sarah Jordan

Sarah Jordan is a staff writer at MSP Success. When she’s not reporting on trends and issues pertinent to the MSP community, you can usually find her working on her novel’s manuscript.


Get The #1 Media Source For MSPs!
Thousands Of MSPs Trust
MSP Success Magazine
For The Best Industry News, Trends And Business Growth Strategies. Subscribe now!

Upcoming Events

Stay Up To Date

Thousands Of MSPs Trust
MSP Success Magazine
For The Best Industry News, Trends and Business Growth Strategies

Never Miss An Update