There has been a 45% increase in BEC attacks in the past 3 months, according to a new analysis by cybersecurity firm Proofpoint. Not only are BEC attacks now occurring much more frequently, the sophistication of the attacks is also increasing.
The analysis was conducted on 5,000 of its enterprise customers over the past three months. 75% of its customers had experienced at least one BEC attempt in the first three months of 2016. Two thirds of those attacks spoofed the target’s email domain.
The analysis showed that all businesses are at risk of these types of cyberattacks. There appeared to be no correlation between the BEC attack volume and the size of the company. While successful attacks on large companies typically involve larger bank transfers, smaller companies are easier to attack as they tend to have fewer financial controls in place. The potential gains are lower, but the attacks have a higher success rate.
Companies in the manufacturing, technology, and retail industries are attacked more frequently, as attacks are easier due to more complex SaaS infrastructures and supply chains.
According to the report, the most common subject lines in these BEC messages are payment (30%), request (21%), urgent (21%), greeting (12%), blank (9%) and ‘where are you?’ (2%).
While CEO-to-CFO BEC attacks are still common, Proofpoint has noticed a much wider range of attacks are now being conducted, including CEO-to-different employee groups and an increase in BEC attacks to obtain sensitive data rather than fooling employees into making wire transfers.
BEC attacks can be difficult to detect and block. In contrast to most email-based attacks, BEC attacks do not typically incorporate any malicious hyperlinks or infected attachments. They just contain requests for employees to send data by return or contain instructions for urgent wire transfers.
Since the messages appear to have been sent internally from the CEO or CFO, employees can be easily fooled into sending money or disclosing sensitive data. The cost to the business of a successful BEC attack can be considerable. Fraudulent bank transfers of tens or hundreds of thousands of dollars can be made, and recovery of the funds may be impossible.
Proofpoint has developed a solution to help businesses detect and block these attacks. The firm incorporates DMARC-based technology in Proofpoint Email Protection, which helps identify the true sender of an email and blocks spoofed emails.