Graymail, phishing, vendor impersonation, and other BECs clogging up security teams’ time.
As TechRepublic has reported previously, business email compromise — or BEC — attacks are on the upswing, particularly as threat actors use such tactics as third-party reconnaissance to impersonate vendors.
Email security firm Armorblox reported a rise in nearly all forms of email attack last year. In its second annual 2023 Email Security Threat Report, Armorblox found increases in vendor compromise, fraud and that graymail, bulk emails — legitimate or otherwise — wasted 27 hours of security teams’ time per week last year.
Armorblox, which said its report is based on data from four billion emails and 800,000 thwarted threats every month in 2022, found:
- A 70% increase in phishing attacks, compared to 63% in 2021.
- Small and medium-sized businesses are particularly vulnerable to vendor fraud and supply chain email attacks.
- Fifty-three percent of vendor compromise attacks targeted technology organizations.
- Fifty-two percent of attacks involved sensitive user data, such as user login credentials.
- Seventy-seven percent of BEC attacks use language and social engineering.
- Fifty-eight percent of attacks targeted SMBs.
- Twenty percent of BEC attacks involved graymail or unwanted solicitation.
- Fifty-six percent of attacks bypassed legacy security filters.
- A 72% increase in financial fraud attacks last year.
The firm predicted that generative AI tools will drive an increase in BEC, as well.
“Based on threats analyzed by Armorblox across our customer base of over 58,000 organizations, we see over half of email attacks targeting critical business workflows aim to exfiltrate sensitive user data,” said D.J. Sampath, co-founder and CEO of Armorblox in a statement.
“These attacks often involve bad actors infiltrating legitimate business communications to alter sensitive business information, such as assigning new routing numbers for payment requests,” he said.
He added that they use language as the primary attack vector to impersonate trusted software as a service applications, vendors and VIPs.
“Increasing the critical need for organizations to augment native and legacy security layers with modern API-based solutions that use a broad set of deep learning algorithms, machine learning models, data science approaches, and natural language-based techniques to understand the content and context of communications, and protect against these targeted attacks,” he said.
For attackers focused on insecure browsing, hybrid work is of increasing concern among CISOs
The study also noted that hybrid work arrangements will increase risks to employees working at home. Respondents to a new survey-based study by cybersecurity firm Red Access around hybrid work and browsing security acknowledged that while they see hybrid work as a permanent work paradigm, they also consider it the most vulnerable point of entry for threat actors.
In the survey, 72% of the 300 chief information security officers from the U.S. and U.K. from companies of 5,000 or more employees said the hybrid and remote workforce has a negative impact on their organization’s security posture. They also argued that tactics that include secure web gateways and isolating remote browsers are insufficient in the face of the protean threats presented by attackers.
To complicate matters, adoption of these techniques is also lower at organizations that are moving workers to a primarily remote model than at companies where workers are primarily in the office, according to the survey.
“The results of this study leave little doubt as to what’s on the minds of today’s top cybersecurity decision makers,” said Dor Zvi, co-founder and CEO at Red Access.
“Now that web browsing permeates virtually everything we do at work, malicious actors are doing more to target this expanding attack surface; and it’s clear that CISOs have taken note. In light of this growing trend, it’s imperative that organizations go beyond legacy solutions and invest in technologies that are dedicated to protecting every employee’s browsing activity, no matter where it originates. Web browsing has become the operating layer on which hybrid and remote work run, and organizations ought to do as much as they possibly can to secure it.”