Microsoft reports jump in business email compromise activity

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft's Digital Crimes Unit (DCU).


The findings were highlighted in the most recent edition of Microsoft's Cyber Signals, a cyber threat intelligence report that spotlights security trends and insights from Microsoft's 43 trillion security signals and 8,500 security experts.

"BEC attacks stand apart in the cybercrime industry because of their emphasis on social engineering and the art of deception," said Vasu Jakkal, corporate vice president of security, in a blog post. "Successful BEC attacks cost organizations vast sums of dollars annually."



BEC attempts rose significantly

Microsoft's DCU observed a 38% upsurge in cybercrime-as-a-service (CaaS) attacks that targeted business emails between 2019 and 2022. There have also been 417,678 takedowns of unique phishing URLs directed by the DCU between May 2022 and April 2023.

Between April 2022 and April 2023, Microsoft detected and investigated 35 million BEC attempts, with an average of 156,000 attempts daily.

"In 2022, the FBI's Recovery Asset Team (RAT) initiated the Financial Fraud Kill Chain (FFKC) on 2,838 BEC complaints involving domestic transactions with potential losses greater than USD590 million," Jakkal said.

Instead of targeting unpatched devices for vulnerabilities, BEC operators leverage the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.



Tactics used in business email compromise

Threat actors employ various methods when attempting business email compromise, which can involve phone calls, texts, emails, or social media marketing, according to the report. They use techniques like sending fake authentication requests or pretending to be individuals or companies to deceive their targets.

Topics used to trick victims in BEC attacks include, for instance, payroll, invoice, gift card, and business information themes, Microsoft said.

In addition, Microsoft has noticed a pattern in attackers' usage of platforms such as BulletProftLink. This CaaS platform is widely used for creating large-scale malicious email campaigns and offers a comprehensive service that includes templates, hosting, and automated features specifically made for BEC. Moreover, adversaries who use this service are given IP addresses that help direct their BEC targeting efforts.

Cybersecurity professionals and police agencies are concerned these new tactics in BEC attacks make it difficult to determine the location of threat actors, potentially resulting in a surge in large-scale attacks.

"Although threat actors have created specialized tools to facilitate BEC, including phishing kits and lists of verified email addresses targeting C-suite leaders, accounts payable leads, and other specific roles, there are methods that enterprises can employ to pre-empt attacks and mitigate risk," Jakkal said.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform, and training employees are a few effective methods, according to the report.


Public Last Update: 2023-05-29 15:06:08