Arctic Wolf: Firms tormented by business email compromise
Companies across all industries are being hit hard by business email compromise (BEC), according to newly published research from Arctic Wolf.
In its annual Arctic Wolf Labs Threat Report, the global leader in security operations revealed BEC attacks accounted for almost a third (29%) of its incident response cases last year.
Notably, around three in five (58%) victim organisations did not have multi-factor authentication (MFA) enabled on their email accounts.
The Arctic Wolf Labs Threat Report is compiled every year using the company’s deep expanse of global threat, malware, digital forensics and incident response case data from across the entire security operations framework.
Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists and security development engineers, with the unified goal of helping to end cyber risk for organisations around the globe.
BEC attacks ‘endemic’, finds Arctic Wolf Labs
Business email compromise continues to be endemic in the industry, writes Arctic Wolf Labs in its report, with the potential for large payouts continuing to motivate threat actors.
These incidents see attackers impersonate a trusted contact, before deceiving victims into transferring funds or revealing confidential information.
Threat actors gain access to a victim’s inbox using phishing or social engineering and, if undetected, have a window of opportunity to conduct their attack using the compromised account.
BEC attacks that aren’t thwarted upon initial account compromise can be difficult to detect because they don’t always use malware or malicious URLs that can be analysed by standard cyber defences.
Data collected from Arctic Wolf’s own incident responses showed BEC came at a cost of US$182,000 to the finance and insurance industry in 2022, followed by business services (US$160,000).
The healthcare and manufacturing sectors paid out US$115,000 and US$112,000 respectively.
As Arctic Wolf points out, the scourge of BEC highlights the growing need for email MFA and robust security awareness training programmes for employees.
Interestingly, 84% of BEC victims last year were using Microsoft Exchange Online.
Key insights from the Arctic Wolf Labs Threat Report
Insights from Arctic Wolf Labs’ report have revealed a year of turbulence within the threat actor community, with Russia’s invasion of Ukraine disrupting the operations of top ransomware groups.
Meanwhile, the long tail of Log4Shell and ProxyShell continued to be exploited.
Findings of note include:
- The war in Ukraine significantly disrupted the activity of threat actor groups in both countries, influencing a 26% year-on-year decline in observed ransomware cases globally
- LockBit established itself as the dominant ransomware group, with the e-crime organisation having 248% more victims than BlackCat (ALPHV), the second most active group
- Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continued to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases
Daniel Thanos, Vice President and Head of Arctic Wolf Labs, said: “Arctic Wolf’s global scale and expansive solution set provide Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models, but also allow us to publish truly novel threat research to the security community at large.
“We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape, so that they can best defend their most valuable assets from cyberattacks.
“Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defences, which means organisations need to advance their threat protection beyond the basics to secure their data.”
Read the full report: Arctic Wolf Labs Threat Report 2023