Cybersecurity

Why Business Email Compromise (BEC) Impersonation is the Weapon of Choice for Cybercriminals

VIPRE Security Group, a cybersecurity, privacy, and data protection company, has released its Q3 2024 Email Threat Trends Report, shedding light on the evolving cybersecurity landscape. This comprehensive analysis of real-world data reveals the sophisticated strategies and techniques employed by cybercriminals, with a particular persistent focus on the highly lucrative tactic of business email compromise (BEC). VIPRE processed 1.8 billion emails globally, of which 208 million were malicious.

BEC impersonation weaponisation  

In this third quarter of 2024, cybercriminals intensified their efforts to exploit organisational vulnerabilities through employee deception. BEC scams surged, accounting for 58% of phishing attempts. Notably, 89% of these BEC attacks involved impersonation of authority figures, including CEOs, senior executives, and IT staff, underscoring the sophisticated tactics employed by malicious actors.

BEC aims for the manufacturing sector 

The manufacturing sector saw a significant rise in BEC attacks, potentially driven by financial fraud. These incidents increased from just 2% in Q1 to 10% in Q3 this year. This rise may be attributed to the industry’s widespread use of mobile sign-ins at various worksites. Employees accessing systems “on the go”, often under pressure to meet production deadlines, are more susceptible to phishing attempts.

Subtler tactics are a larger threat

Email threats in Q3 were dominated by scams (34%), commercial spam (30%), and phishing (20%). These email threats overshadowed ransomware and malware combined, which comprised less than 20% of all email attacks. Interestingly, despite their lower prevalence, ransomware and malware continue to receive disproportionate attention from the cybersecurity industry.r attachments 

To counter advancing email security solutions, criminals are deploying increasingly more intricate methods to bypass defenses. Attackers are employing sneakier techniques such as disguising malicious attachments as voicemail recordings or critical security updates to lure unsuspecting users into downloading them.

Additionally, Microsoft PDFs and .DOCX files remain the most common forms of malicious attachments. In Q3 2024, 2.18 million emails were detected containing harmful attachments, marking a 30% increase from the previous quarter’s 21% attachment-based attacks.

Phishing links and compromised websites

Cybercriminals continue to favour the URL redirection technique, a tactic that typically proves effective at evading security controls. This deceptive ploy utilises a “clean” URL within the body of the email, which then redirects unsuspecting users to a malicious one once inside. In Q3 2024, URL redirection accounted for 52% of such attacks, leading victims to meticulously crafted fraudulent websites designed to appear authentic, and gain trust.

Malspam pendulum swing from malicious links to attachments

When it comes to malspam, there is a pendulum swing from a preference for malicious links to attachments. During Q3, malspam efforts were centered on malicious attachments (64%), while only 36% employed a link. The attachment formats used were predominantly LNK, ZIP, and DOCX. Only a quarter ago, links were the tool of choice by a factor of nearly nine-to-one (86% links to 14%).

The ‘Malware Family of the Quarter’ goes to Redline

Redline is the top malspam family of Q3 2024, a spot it has maintained since the corresponding quarter in 2023. RedLine is designed to steal sensitive information from web browsers, such as credentials and payment data. Typically distributed via phishing emails or malicious websites, it sends stolen data to a command-and-control server controlled by the attacker. It can completely take over a compromised machine and uses multiple infiltration methods.

“The findings of this report yet again illustrate the sophistication of criminal tactics. BEC email and phishing attacks are becoming more targeted and convincing,” Usman Choudhary, CPTO, VIPRE Security Group, says. “Additionally, malware distribution through malicious spam campaigns continues to pose a serious threat to organisations. These findings stress the critical need for robust cybersecurity measures and ongoing employee education to combat these evolving threats, especially as bad actors gear up for the upcoming holiday season – Black Friday, Thanksgiving, Christmas, and New Year.”

To read the full report, click here: VIPRE’s Email Threat Trends Report: Q3 2024. 

0406
ITN
Today we live in a T-shaped world. While broad knowledge across the ecosystems is critical, deep insights and expertise of Subject Matter Experts help organizations leapfrog. At IndiaTechnologyNews, we cover much more than news, views and analysis, and we feature SMEs to help translate their knowledge to wider audiences. Reach me at editor@indiatechnologynews.in

You may also like