Repeatable VEC Attacks Target Critical Infrastructure

The threat of vendor email compromise (VEC) attacks has escalated, with recent data showing a sharp increase in such cyber-threats. 

According to a new report published by cybersecurity firm Abnormal Security earlier today, VEC attacks – a variant of business email compromise (BEC) – pose a significant risk to organizations worldwide. These attacks impersonate trusted individuals within the victim’s own organization.

The new figures show the likelihood of an organization falling victim to a VEC attack has risen from 45% in June 2022 to 70% in May 2023.

In a recent investigation, Abnormal Security uncovered a series of repeatable VEC attacks with a unique modus operandi. The attackers targeted multiple critical infrastructure organizations by compromising five vendor email accounts. 

Through these accounts, the threat actor orchestrated email attacks against 15 individuals across five customer organizations, including two healthcare companies, two logistics firms and one manufacturing company.

The attack involved sending emails from the compromised accounts and attempting to reroute outstanding and future invoices to a new bank account, following a fake updated payment policy. 

The most cunning aspect of these attacks was the use of familiar language and known domains, making them appear genuine and bypassing traditional security defenses.

While the emails contained subtle grammatical errors, they featured characteristics expected in legitimate vendor communications. These deceptive tactics, coupled with the absence of prior correspondence between senders and recipients, made the attacks challenging to detect for both human recipients and conventional email security solutions.

Abnormal noted that all the emails shared peculiar phrasing, including a reference to a “bogus check” and “opting out from check for now.” Additionally, the attacker used the same contact phone number across all emails, linking the attacks to a shared originator.
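The correlation described above can be sketched for a mail-security pipeline. This is an added example, not code from Abnormal Security or the report: the message fields, the payment-change pattern, the two-signal threshold and the sample emails are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Phrases the report says recurred across the campaign's emails.
CAMPAIGN_PHRASES = ("bogus check", "opting out from check for now")
# Payment-change wording: an assumed pattern, not taken from the report.
PAYMENT_CHANGE = re.compile(r"(new|updated) (bank account|payment policy)")
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

def normalize_phone(raw):
    """Keep the last 10 digits so formatting differences do not split a cluster."""
    return re.sub(r"\D", "", raw)[-10:]

def signals(msg, prior_pairs):
    """Return the set of VEC signals present in one message."""
    body, found = msg["body"].lower(), set()
    if any(p in body for p in CAMPAIGN_PHRASES):
        found.add("campaign_phrase")
    if PAYMENT_CHANGE.search(body):
        found.add("payment_change")
    if (msg["from"], msg["to"]) not in prior_pairs:
        found.add("first_contact")  # no earlier sender-to-recipient mail on record
    return found

def correlate(messages, prior_pairs, min_signals=2):
    """Link flagged messages from different sender domains by shared phone number."""
    by_phone = defaultdict(list)
    for msg in messages:
        if len(signals(msg, prior_pairs)) < min_signals:
            continue
        for raw in PHONE.findall(msg["body"]):
            by_phone[normalize_phone(raw)].append(msg)
    return {
        phone: [m["id"] for m in hits]
        for phone, hits in by_phone.items()
        if len({m["from"].split("@")[1] for m in hits}) > 1
    }

# Constructed sample data (not from the report).
PRIOR = {("sales@vendor-c.example", "ap@logistics.example")}
SAMPLE = [
    {"id": "m1", "from": "ap@vendor-a.example", "to": "pay@hospital.example",
     "body": "Due to a bogus check, see our updated payment policy. Call +1 (555) 010-0199."},
    {"id": "m2", "from": "billing@vendor-b.example", "to": "ap@logistics.example",
     "body": "We are opting out from check for now. Use our new bank account. Questions: 555-010-0199"},
    {"id": "m3", "from": "sales@vendor-c.example", "to": "ap@logistics.example",
     "body": "Invoice attached as usual. Call 555.010.0142 with questions."},
]

if __name__ == "__main__":
    print(correlate(SAMPLE, PRIOR))
```

A phone number that appears in flagged mail from more than one vendor domain is the cross-organization link the report describes, and it gives responders a pivot for finding other recipients of the same campaign.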

The security experts highlighted that traditional email security tools, designed to detect known indicators of compromise like malicious links and attachments, have struggled to counter VEC attacks due to their social engineering nature. 

As a result, cybersecurity leaders are increasingly turning to innovative technologies, such as behavioral AI, which can identify deviations from normal user behavior and patterns. By blocking suspicious messages before they reach employee inboxes, these advanced solutions offer a more proactive approach to cybersecurity.
