Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest. The researchers believe the increase is due to widely available phishing kits that facilitate BEC.
ReliaQuest states, “BEC attacks will almost certainly intensify through 2024, as threat actors increasingly use generative AI and sophisticated phishing kits to evade such defenses as two-factor authentication (2FA).”
The researchers point out that BEC attacks are typically more financially damaging than other forms of social engineering.
“The stealthy nature of BEC leads to it often going unnoticed until the damage is done,” the researchers write. “Although useful for identifying known threats, traditional detection practices are less effective against sophisticated attackers who continuously adapt their strategies. For example, static detection relies on spotting anomalies, such as email rules with unexpected names or actions. But attackers are using techniques that mimic expected and legitimate activities, making them harder to detect and leading to potential security breaches.”
ReliaQuest also notes that attackers are getting better at bypassing organizations’ security defenses.
“Not only are there more means to conduct BEC, but threat actors are also becoming increasingly aware of organizations’ security measures—and finding ways to evade them,” the researchers write.
“In a BEC attack we analyzed this year, a threat actor posed as an employee of a ReliaQuest customer and created an email rule in the employee’s Outlook account. When we flagged the action as suspicious to the client’s security team, the ‘employee’ then claimed it was intentional. Despite the claim, we recommended the customer to communicate with the employee through a different channel, which confirmed the activity was malicious.”
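The static detection the researchers describe, and the gap they point to, can be seen in a short sketch. This is an added example, not code from ReliaQuest or from this post: the event layout is a simplified, constructed form of a mailbox audit record, the rule-name heuristic is an assumption, and the action names are parameters of the Exchange `New-InboxRule` cmdlet.

```python
import re

# Actions the static check treats as unexpected (New-InboxRule parameter names).
RISKY_ACTIONS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "DeleteMessage"}
# Assumed heuristic: names of one or two characters, or punctuation only, are unexpected.
ODD_NAME = re.compile(r"^(\W+|.{1,2})$")

def static_findings(event):
    """Return the reasons a rule-creation event trips the static checks."""
    if event.get("Operation") != "New-InboxRule":
        return []
    params = {p["Name"]: p["Value"] for p in event.get("Parameters", [])}
    findings = []
    name = params.get("Name", "").strip()
    if not name or ODD_NAME.match(name):
        findings.append(f"unexpected rule name: {name!r}")
    for action in sorted(RISKY_ACTIONS & params.keys()):
        if params[action] not in ("", "False"):
            findings.append(f"unexpected action: {action}={params[action]}")
    return findings

def triage(events):
    """Map each rule creator to a next step for the security team."""
    result = {}
    for event in events:
        if event.get("Operation") != "New-InboxRule":
            continue
        # A flagged rule is confirmed with the user over a different channel,
        # because a reply from the mailbox itself may come from the attacker.
        flagged = bool(static_findings(event))
        result[event["UserId"]] = "confirm outside email" if flagged else "not flagged"
    return result

# Constructed sample events (not real log data).
EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": ".."},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    # Plausible name and an ordinary action: the static check stays silent.
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "Name", "Value": "Invoices"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},
    {"Operation": "MailItemsAccessed", "UserId": "carol@example.com", "Parameters": []},
]

if __name__ == "__main__":
    for user, step in triage(EVENTS).items():
        print(user, "->", step)
```

The second event is the case the researchers warn about: nothing in its name or action is anomalous, so a check of this kind reports nothing for it.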
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
ReliaQuest has the story.