Arctic Wolf: Firms tormented by business email compromise

Share
The Arctic Wolf Labs Threat Report for 2023 has been published. Picture: Arctic Wolf
Business email compromise attacks accounted for almost a third (29%) of Arctic Wolf's incident response cases in 2023, shows latest Arctic Wolf Labs report

Companies across all industries are being hit hard by business email compromise (BEC), according to newly-published research from Arctic Wolf

In its annual Arctic Wolf Labs Threat Report, the global leader in security operations revealed BEC attacks accounted for almost a third (29%) of its incident response cases last year.

Notably, around three in five (58%) victim organisations did not have multi-factor authentication (MFA) enabled on their email accounts. 

The Arctic Wolf Labs Threat Report is compiled every year using the company’s deep expanse of global threat, malware, digital forensics and incident response case data from across the entire security operations framework. 

Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists and security development engineers, with the unified goal of helping to end cyber risk for organisations around the globe.

Youtube Placeholder

BEC attacks ‘endemic’, finds Arctic Wolf Labs

Business email compromise continues to be endemic in the industry, writes Arctic Wolf Labs in its report, with the potential for large payouts continuing to motivate threat actors.

These incidents see attackers impersonate a trusted contact, before deceiving victims into transferring funds or revealing confidential information.

Threat actors gain access to a victim’s inbox using phishing or social engineering and, if undetected, have a window of opportunity to conduct their attack using the compromised account. 

BEC attacks that aren’t thwarted upon initial account compromise can be difficult to detect because they don’t always use malware or malicious URLs that can be analysed by standard cyber defences.

Data collected from Arctic Wolf’s own incident responses showed BEC came at a cost of US$182,000 to the finance and insurance industry in 2022, followed by business services (US$160,000).

The healthcare and manufacturing sectors paid out US$115,000 and US$112,000 respectively. 

    Business email compromise is impacting a growing number of organisations

    As Arctic Wolf points out, the scourge of BEC highlights the growing need for email MFA and robust security awareness training programmes for employees.

    Interestingly, 84% of BEC victims last year were using Microsoft Exchange Online

    Key insights from the Arctic Wolf Labs Threat Report

    Insights from Arctic Wolf Labs’ report have revealed a year of turbulence within the threat actor community, with Russia’s invasion of Ukraine disrupting the operations of top ransomware groups.

    Meanwhile, the long tail of Log4Shell and ProxyShell continued to be exploited.

    Findings of note include:

    • The war in Ukraine significantly disrupted the activity of threat actor groups in both countries, influencing a 26% year-on-year decline in observed ransomware cases globally
    • LockBit established itself as the dominant ransomware group, with the e-crime organisation having 248% more victims than BlackCat (ALPHV), the second most active group
    • Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continued to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases
    Daniel Thanos, Vice President and Head of Arctic Wolf Labs. Picture: LinkedIn

    Daniel Thanos, Vice President and Head of Arctic Wolf Labs, said: “Arctic Wolf’s global scale and expansive solution set provides Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models, but also allow us to publish truly novel threat research to the security community-at-large.

    “We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape, so that they can best defend their most valuable assets from cyberattacks.

    “Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defences, which means organisations need to advance their threat protection beyond the basics to secure their data.”

    Read the full report: Arctic Wolf Labs Threat Report 2023

    Share

    Featured Articles

    Resilience: Firms Fail to Grasp Cyber Financial Impact

    Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

    SonicWall and CrowdStrike Unite for SMB Security Service

    SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

    FS-ISAC CISO Talks Cyber Strategies for Financial Providers

    FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

    Darktrace Reports 692% Surge in Black Friday Cyber Scams

    Cyber Security

    KnowBe4 Launches AI Agents to Counter Phishing Threats

    Technology & AI

    Gen Reports 614% Rise in Command Prompt Manipulation Scams

    Cyber Security