Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by the Microsoft Microsoft’s Digital Crimes Unit (DCU).
The findings were highlighted in the latest edition of Microsoft’s Cyber Signals, a cyberthreat intelligence report that spotlights security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts.
“BEC attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception,” said Vasu Jakkal, corporate vice president of security, in a blog post. “Successful BEC attacks cost organizations hundreds of millions of dollars annually.”
Microsoft’s DCU observed a 38% increase in cybercrime as a service (CaaS) attacks that targeted business email between 2019 and 2022, according to the report. There have also been 417,678 takedowns of unique phishing URLs directed by the DCU between May 2022 and April 2023.
Between April 2022 and April 2023, Microsoft detected and investigated 35 million BEC attempts with an average of 156,000 attempts daily.
“In 2022, the FBI’s Recovery Asset Team (RAT) initiated the Financial Fraud Kill Chain (FFKC) on 2,838 BEC complaints involving domestic transactions with potential losses of more than USD590 million,” Jakkal said.
Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.
Threat actors employ various methods when attempting business email compromise, which can involve phone calls, text messages, emails, or social media, according to the report. They use techniques like sending fake authentication requests or pretending to be individuals or companies to deceive their targets.
Topics used to trick victims in BEC attacks include, for example, payroll, invoice, gift card and business information themes, Microsoft said.
In addition, Microsoft has noticed a pattern in attackers’ utilization of platforms such as BulletProftLink. This CaaS platform is widely used for creating large-scale malicious email campaigns and offers a comprehensive service that includes templates, hosting, and automated features specifically designed for BEC. Moreover, adversaries who employ this service are supplied with IP addresses that assist in directing their BEC targeting efforts.
Cybersecurity professionals and law enforcement agencies are concerned that these new tactics in BEC attacks make it difficult to determine the location of threat actors, potentially leading to a surge in large-scale attacks.
“Although, threat actors have created specialized tools to facilitate BEC, including phishing kits and lists of verified email addresses targeting C-suite leaders, accounts payable leads, and other specific roles, there are methods that enterprises can employ to pre-empt attacks and mitigate risk,” Jakkal said.
Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.
"*" indicates required fields
Software Asset Management is a business practice that involves managing and optimising the life cycle of software within an organisation.
Software asset management is relevant to many facets of a business - take a look at some of the roles that it can form part of the focus of.
Software vendors come in all shape and sizes - all with their own set of licensing models and rules. We take a look at just a few of them.
As a constantly evolving subject, SAM is not without its challenges. We take a look at some of the most common ones.
Wondering what an investment in SAM could do for your business? Fill out a few details and find out what return you could get!
Answer a few questions about your SAM infrastructure & experience, and we'll put together a personalised recommendation for the future.
A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.
Just like you would with your vehicle each year, get an annual check up of your software asset management programme.
Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!
Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.
Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.
A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.
A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.
A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.
An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.
In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.
Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.
We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.
Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!