Business email compromise attacks (BEC) have continued to grow in Q3 of 2020, rising by 15% overall compared to Q2, according to Abnormal Security’s Quarterly BEC Report.
The average weekly volume of BEC attacks increased quarter-by-quarter in six out of eight industries, with the biggest rise observed in the energy/infrastructure sector, at 93%. The industries which had the highest number of weekly BEC attacks were retail/consumer goods and manufacturing and technology, which were tied for the volume of campaigns received per 1000 emails.
Cyber-criminals had a particularly strong focus on BEC campaigns that had a goal of invoice and payment fraud in this period, with a 155% increase from Q2 to Q3 recorded. A corresponding decline in social engineering BEC attacks aiming to impersonate internal employees and VIPs or external partners was also seen.
In regard to the types of employees targeted, Abnormal Security reported that attacks on C-suite executives stayed flat compared to Q2, while campaigns targeting employees in finance departments fell by 53%. However, email attacks to group mailboxes surged by 212%, denoting a shift in tactics.
Credential-phishing COVID-19 related attacks declined 82% quarter-by-quarter, although invoice and payment fraud that leveraged the fear, uncertainty and doubt of the pandemic increased by 81%.
Evan Reiser, CEO of Abnormal Security, commented: “As the industry’s only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers. Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track. Since these attacks are targeted and sophisticated, these increases could indicate an ability for threat actors to scale that may overwhelm some businesses.”
In the report Abnormal Security added: “It’s important to note that the highest rates of invoice and payment fraud BEC attacks targeting employees in finance observed thus far by Abnormal occurred during Q4 2019. This may indicate a seasonality to these types of attacks. If this is the case, we should see a significant spike in such attacks in Q4 of this year.”