Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft’s latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.
The researchers explain, “As Microsoft’s cloud services continue to evolve through innovative breakthroughs, threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. The success of these attacks is largely due to the growing targeting of cloud-based infrastructure, exploitation of trusted business relationships, and development of more specialized skills by the threat actors. Microsoft’s Digital Crimes Unit (DCU) believes that increased intelligence sharing across the public and private sectors will enable a faster and more impactful response against the threat actors behind these attacks.”
Microsoft also warns that BEC actors are also growing increasingly sophisticated and organized.
“The structure of organized criminal networks perpetrating BEC attacks is also evolving, along with the skills of the threat actors who make up these organizations,” Microsoft explains.
“BEC criminal networks predominantly originate from Africa and range from a hierarchical organization with top-down command, such as the Black Axe group, to loosely organized networks managed regionally, commonly known as ‘zones.’ Many zone actors move to industrialized countries for technical education and work experience, then use their new knowledge to carry out more sophisticated attacks, such as VEC. DCU has observed some zones are organized by roles and use specialized skills to improve the efficacy of their attacks. In these instances, threat actors may be involved in one or more roles.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Microsoft has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
