According to Abnormal Security, recorded business email compromise (BEC) attacks increased by more than 81% in 2022 and are up 175% over the past two years, and malicious email open rates are also soaring.
The security vendor analyzed data from its customers to compile its threat report for the first half of 2023. Read the alert.
In the second half of 2022, the median open rate for text-based BEC emails was 28%. Even more worrying, 15% of malicious emails were replied to by company employees.
While employees at all levels of the organization are involved with BEC emails, the report found that 78% of new hires read and responded to these malicious messages. Staff at companies in the transportation sector (16%) were most likely to respond to attacks, followed by automotive (9%) and medical (8%).
Abnormal Security also revealed a lack of reporting to security teams. Only 2% of known attacks were flagged.
BEC attacks are increasingly targeting smaller businesses. The report notes a 145% increase in malicious emails targeting SMB inboxes.
Mike Britton, CISO at Abnormal Security, said staff education has so far only been able to mitigate the risks posed by BEC, and organizations should also consider layering this approach with hardened technology solutions.
“Email is arguably the most common channel for asynchronous communication, and as our reliance on email has grown over the past two years, so has its popularity as an attack vector,” he added.
“One of the biggest challenges with email attacks is that the attacker only needs to be successful once, while the employee has to be right every time.”
Attackers increasingly use open source intelligence gleaned from sites such as LinkedIn, SEC disclosures, and even the websites of targeted organizations to personalize their emails and make them more convincing, the report warns.
Law enforcement agencies continue to disrupt major BEC cybercriminal activities around the world, but losses are mounting. Scammers made about $2.4 billion globally from FBI-reported attacks in 2021. This is the highest amount for any type of cybercrime.