BEC Attackers Ditch C-Suite in Favor of Fresh Target

The number of Business Email Compromise (BEC) attacks being leveled at C-Suite executives has declined as threat actors focus on a new target.

According to new research published today by Abnormal Security, BEC attacks on C-Suite executives decreased by 37% in the first quarter of 2020 compared to the final quarter of 2019. 

Researchers discovered that cyber-criminals had a new springtime victim in their sights, as BEC attacks on finance employees—who hold the key to routine payments—shot up by more than 87%. 

The Abnormal Security Quarterly BEC Report for Q1 2020 notes a shift away from individual attacks to group BEC attacks. Campaigns with more than 10 recipients increased by 27% quarter by quarter. 

Researchers found that criminals had switched their focus away from paycheck and engagement fraud and toward payment fraud. Invoice fraud attacks were found to have increased more than 75%.

A section of the report was devoted to trends around email account compromise and security attack patterns observed during the COVID-19 pandemic. 

Evan Reiser, CEO and co-founder of Abnormal Security, described the attacks related to the outbreak of the novel coronavirus as "among the most sinister in intent that we have ever seen."

Researchers found that COVID-related attacks more than quadrupled between the second and third weeks of March 2020. Cyber-assaults increased 436%, with an average 173% week-over-week increase during the quarter.

COVID-19 vectors exploited by criminals included vaccines, PPE equipment, stimulus checks, PPP payments, layoff concerns, and the popularity of video conferencing tools. 

The majority of the coronavirus attacks Abnormal caught were scams that leveraged trusted entities, using compromised and spoofed accounts in order to scam users and companies out of money, steal their credentials, or install malware on their device.

“The email security trends we witnessed during Q1 are most certainly related to the COVID-19 pandemic and the shift to work from home, but they also reflect greater sophistication and attack strategy by threat actors,” said Reiser. 

“By increasing campaign target size, attackers increase the opportunity for social validity and by targeting finance employees who manage third-party payments, they’ve found a new vector for payouts.”

What’s Hot on Infosecurity Magazine?