Fraudulent Instruction Losses Spike in 2022

The percentage of insurance claims for fraudulent instruction attacks has in the first quarters of 2022 already exceeded the figure for the whole of last year, according to Beazley.

The London-headquartered insurer’s Cyber Services Snapshot report features data gathered between 2020 and Q3 of 2022, across multiple sectors and causes of loss, to shine a light on emerging cyber-risk.

Fraudulent instruction is a type of business email compromise (BEC) where a victim organization employee is tricked into transferring funds outside the company by a fraudster purporting to be a vendor, partner or other trusted party.

In all verticals bar education, the percentage of clients reporting fraudulent instruction losses in the period Q1–Q3 2022 exceeded the total for 2021.

The gap was particularly great in manufacturing, where the figure so far for 2022 is 26% versus 15% for the whole of 2021, in retail (25% vs 13%) and in the non-profit sector (25% vs 12%).

On average across all industries, 16% of Beazley clients have reported fraudulent instruction losses so far in 2022, versus 11% for the whole of 2021.

For BEC as a whole, only in professional services (35% vs 23%) and education (12% vs 8%) were there more clients complaining of losses in 2022 than last year.

There was also slightly positive news in the category of “system infiltration” with a decline in victims across all verticals bar healthcare, where the figure stands at 41% compared to 33% in 2021.

Beazley also detailed ransomware threat vectors in its report, highlighting the continued threat posed by phishing, which was present in 31% of cases. However, between Q2 and Q3, RDP compromise fell from 33% to 22%, while software vulnerabilities fell from 15% to 8%.

At the same time, attacks with an “unknown” access vector surged from 21% to 39%.

Beazley argued that this could be due to several reasons.

“Organizations may rush to rebuild in an effort to either restore systems or to contain the attack, but that can destroy valuable sources of data that would help determine how the intrusion occurred and what the threat actor did. Poor log configuration or retention practices may also play a part,” the report explained.

“Finally, threat actors are increasingly using anti-forensics techniques to obscure their activities – an important reminder that a defense-in-depth approach is more essential than ever for organizations to prevent malicious activity after an intrusion and to remain resilient.”

What’s Hot on Infosecurity Magazine?