BEC Volumes Double on Phishing Surge

According to Secureworks, the number of business email compromise (BEC) incidents doubled last year, displacing ransomware as the most prevalent cybercrime category.

The threat detection and response company's Learning from Incident Response report is based on hundreds of real-world incidents it was called in to investigate.

The company claims that the significant increase in BEC volume was due to a surge in phishing, which accounted for one-third (33%) of initial access vectors, up from 13% in 2021.

At the same time, ransomware lost its place as the most common type of cybercrime, with detections down 57%.

Secureworks suggests that this decline may be due to threat actors targeting smaller victims who are less likely to engage with incident responders like the report’s sponsors. At the same time, it could represent a change in the monetization strategy of the attackers.

Mike McLellan, Director of Intelligence at Secureworks, argues that while BEC attacks can yield significant returns, the technical skills required are relatively low.

“Attackers can phish multiple organizations simultaneously looking for potential victims without having to use advanced skills or manipulate complex affiliate models,” he added.

This analysis is consistent with recent Trend Micro reports suggesting that ransomware groups are increasingly considering adopting other criminal models to monetize initial access, such as BEC.

Elsewhere, Secureworks said that vulnerabilities in internet-facing systems account for another third of initial access vectors, and warned that the greatest threat comes not from zero-days but from known bugs such as Log4Shell.

The company also recorded a slight increase in state-sponsored activity, which rose from 6% to 9% of all attacks. The majority (90%) were related to China.

“Government-sponsored attackers have different goals than financially motivated attackers, but often use the same tools and techniques. For example, they deploy ransomware as a smokescreen for espionage. We have detected a Chinese attacker who is using

“Although the intent is different, the ransomware itself is not. The same is true for the initial access vector. It’s everything.”

According to Secureworks, most (79%) of all attacks were financially motivated, but the percentage is lower than before.
