Cyber criminals have stepped up their targeted attacks on company inboxes, mainly in an attempt to cause financial harm by way of Business Email Compromise (BEC). The attackers are now increasingly resorting to social engineering and, what’s more, they’re going about it with growing sophistication.
This is the conclusion researchers at Microsoft’s Digital Crimes Unit (DCU) have come to in a recent report. The report details a significant trend towards cybercrime-as-a-service (CaaS), amongst other developments, and points out that an ever larger number of attacks have been conducted via residential IP addresses, making campaigns appear local and thus more genuine.
The report includes a description of the CaaS platform BulletProftLink, which offers a wide-ranging service including templates, hosting and automated services to conduct BEC attacks on an industrial scale. BulletProftLink relies on a decentralized gateway design, which abuses publicly accessible blockchain nodes to host phishing and BEC sites. Using this platform, the attackers gain access to the login credentials and IP addresses of their victims. They then purchase IP addresses from residential IP services in the same region as their targets and create proxies which allow the criminals to mask their real locations and circumvent “impossible travel” flags. The experts have observed this tactic especially in connection with cyber criminals based in Eastern Europe and Asia.
Practically all forms of BEC on the rise
BEC is thoroughly lucrative, meaning that these attacks cost the firms falling victim to them hundreds of millions of dollars a year. According to the IC3, the FBI’s specialized unit responsible for combating such crimes on US federal level, 21,832 cases of business email compromise causing total damage of around 2.7 billion US dollars were reported last year.
The main targets of BEC are directors and top managers as well as those responsible for finance and HR who have access to personal data. Threat actors also commonly set their sights on new employees. According to the report, practically all forms of BEC are on the rise. To draw victims in, targeted BEC attacks often include lure, payroll, invoice, gift card, and business information. From April 2022 to April 2023 alone, the DCU registered 35 million attempts to hijack business email traffic – that means an average of more than 150,000 per day.
These trends and figures highlight how crucial it is to secure the critical communication channel email as well as possible. To maximize your protection, the Retarus Secure Email Platform includes amongst its Email Security services highly effective phishing filters, CxO fraud detection, URL rewriting and real-time checking of web links. The service is excellently suited for complementing and augmenting the email security offered by Microsoft 365 with functions developed in Europe which are 100 percent GDPR compliant. Find out more about this on our website or directly from your local Retarus representative.