Microsoft Warns of Increase in Business Email Compromise Attacks

Microsoft has released a new report warning companies about the alarming surge in business email compromise (BEC) attacks and the evolving tactics employed by cyber-criminals. 

The Cyber Signals report, titled “The Confidence Game,” provides a comprehensive analysis of the threat landscape from April 2022 to April 2023, suggesting the company’s systems currently detect and investigate an average of 156,000 BEC attacks daily. These attacks have increased significantly by 38% over the past four years.

According to Microsoft’s findings, attackers have increasingly utilized platforms like BulletProftLink to orchestrate large-scale malicious email campaigns. BulletProftLink offers cyber-criminals an end-to-end service, including templates, hosting and automated services, enabling them to execute BEC attacks easily. 

By purchasing IP addresses matching the victim’s location, attackers can mask their origin, making tracking and attributing their activities challenging. This tactic has been predominantly observed in Asia and Eastern European nations.

Additionally, Microsoft warned that the specialization and consolidation of the cybercrime economy in this sector could lead to a rise in the use of residential IP addresses to evade detection. Cyber-criminals typically leverage these addresses to gather compromised credentials and access accounts, resulting in potentially devastating financial losses for organizations.

The report also highlighted the growing sophistication of BEC attacks. While traditional ‘phishing-as-a-service’ tools are still prevalent, the aforementioned BulletProftLink, for instance, employs a decentralized gateway design, utilizing public blockchain nodes to host phishing and BEC sites. The decentralized approach consequently makes it significantly harder to disrupt these malicious activities.

Microsoft cited figures from the FBI’s Recovery Asset Team, which recorded 2838 BEC complaints in 2022 involving domestic transactions with potential losses exceeding $590m.

To combat the rising threat, Microsoft recommends several proactive measures. These include maximizing security settings in email systems, enabling notifications for unverified email senders and blocking suspicious identities. 

Strong authentication, such as multi-factor authentication and passwordless technology, is also crucial to safeguarding email accounts. Additionally, organizations should invest in training their employees to recognize warning signs of BEC attacks and adopt secure payment platforms to authenticate transactions.
