Arctic Wolf: Firms tormented by business email compromise

The Arctic Wolf Labs Threat Report for 2023 has been published. Picture: Arctic Wolf
Business email compromise attacks accounted for almost a third (29%) of Arctic Wolf's incident response cases in 2023, shows latest Arctic Wolf Labs report

Companies across all industries are being hit hard by business email compromise (BEC), according to newly-published research from Arctic Wolf

In its annual Arctic Wolf Labs Threat Report, the global leader in security operations revealed BEC attacks accounted for almost a third (29%) of its incident response cases last year.

Notably, around three in five (58%) victim organisations did not have multi-factor authentication (MFA) enabled on their email accounts. 

The Arctic Wolf Labs Threat Report is compiled every year using the company’s deep expanse of global threat, malware, digital forensics and incident response case data from across the entire security operations framework. 

Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists and security development engineers, with the unified goal of helping to end cyber risk for organisations around the globe.

Youtube Placeholder

BEC attacks ‘endemic’, finds Arctic Wolf Labs

Business email compromise continues to be endemic in the industry, writes Arctic Wolf Labs in its report, with the potential for large payouts continuing to motivate threat actors.

These incidents see attackers impersonate a trusted contact, before deceiving victims into transferring funds or revealing confidential information.

Threat actors gain access to a victim’s inbox using phishing or social engineering and, if undetected, have a window of opportunity to conduct their attack using the compromised account. 

BEC attacks that aren’t thwarted upon initial account compromise can be difficult to detect because they don’t always use malware or malicious URLs that can be analysed by standard cyber defences.

Data collected from Arctic Wolf’s own incident responses showed BEC came at a cost of US$182,000 to the finance and insurance industry in 2022, followed by business services (US$160,000).

The healthcare and manufacturing sectors paid out US$115,000 and US$112,000 respectively. 

    Business email compromise is impacting a growing number of organisations

    As Arctic Wolf points out, the scourge of BEC highlights the growing need for email MFA and robust security awareness training programmes for employees.

    Interestingly, 84% of BEC victims last year were using Microsoft Exchange Online

    Key insights from the Arctic Wolf Labs Threat Report

    Insights from Arctic Wolf Labs’ report have revealed a year of turbulence within the threat actor community, with Russia’s invasion of Ukraine disrupting the operations of top ransomware groups.

    Meanwhile, the long tail of Log4Shell and ProxyShell continued to be exploited.

    Findings of note include:

    • The war in Ukraine significantly disrupted the activity of threat actor groups in both countries, influencing a 26% year-on-year decline in observed ransomware cases globally
    • LockBit established itself as the dominant ransomware group, with the e-crime organisation having 248% more victims than BlackCat (ALPHV), the second most active group
    • Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continued to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases
    Daniel Thanos, Vice President and Head of Arctic Wolf Labs. Picture: LinkedIn

    Daniel Thanos, Vice President and Head of Arctic Wolf Labs, said: “Arctic Wolf’s global scale and expansive solution set provides Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models, but also allow us to publish truly novel threat research to the security community-at-large.

    “We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape, so that they can best defend their most valuable assets from cyberattacks.

    “Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defences, which means organisations need to advance their threat protection beyond the basics to secure their data.”

    Read the full report: Arctic Wolf Labs Threat Report 2023

    Share

    Featured Articles

    Hiddenlayer CSO Tells Why It Made an AI Security Council

    Chief Security & Trust Officer at HiddenLayer Malcolm Harkins explains why the company felt the need to create an AI Security Council and its objectives

    Cooperation Key Theme at Microsoft Endpoint Security Summit

    The Microsoft Endpoint Security Summit brought together leaders in the cybersecurity industry to discuss strategies for securing endpoints on Windows

    Why the UK is Listing Data Centres as Critical Cyber Assets

    Being Western Europe's leader in number of Data Centres, the UK has decided to take steps to ensure they receive adequate protection from cyber threats

    Trustwave Reveals the Financial Sector's Cyber Threats

    Cyber Security

    TCS and Google Cloud Join for Solution to Secure the Cloud

    Technology & AI

    Cybersecurity Conglomerate Reveals Threats Facing Consumers

    Cyber Security