Article
Cyber Security

Arctic Wolf: Firms tormented by business email compromise

By Tom Chapman
March 24, 2023
undefined mins
The Arctic Wolf Labs Threat Report for 2023 has been published. Picture: Arctic Wolf
The Arctic Wolf Labs Threat Report for 2023 has been published. Picture: Arctic Wolf
Business email compromise attacks accounted for almost a third (29%) of Arctic Wolf's incident response cases in 2023, shows latest Arctic Wolf Labs report

Companies across all industries are being hit hard by business email compromise (BEC), according to newly-published research from Arctic Wolf

In its annual Arctic Wolf Labs Threat Report, the global leader in security operations revealed BEC attacks accounted for almost a third (29%) of its incident response cases last year.

Notably, around three in five (58%) victim organisations did not have multi-factor authentication (MFA) enabled on their email accounts. 

The Arctic Wolf Labs Threat Report is compiled every year using the company’s deep expanse of global threat, malware, digital forensics and incident response case data from across the entire security operations framework. 

Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists and security development engineers, with the unified goal of helping to end cyber risk for organisations around the globe.

BEC attacks ‘endemic’, finds Arctic Wolf Labs

Business email compromise continues to be endemic in the industry, writes Arctic Wolf Labs in its report, with the potential for large payouts continuing to motivate threat actors.

These incidents see attackers impersonate a trusted contact, before deceiving victims into transferring funds or revealing confidential information.

Threat actors gain access to a victim’s inbox using phishing or social engineering and, if undetected, have a window of opportunity to conduct their attack using the compromised account. 

BEC attacks that aren’t thwarted upon initial account compromise can be difficult to detect because they don’t always use malware or malicious URLs that can be analysed by standard cyber defences.

Data collected from Arctic Wolf’s own incident responses showed BEC came at a cost of US$182,000 to the finance and insurance industry in 2022, followed by business services (US$160,000).

The healthcare and manufacturing sectors paid out US$115,000 and US$112,000 respectively. 

    Business email compromise is impacting a growing number of organisations

    As Arctic Wolf points out, the scourge of BEC highlights the growing need for email MFA and robust security awareness training programmes for employees.

    Interestingly, 84% of BEC victims last year were using Microsoft Exchange Online

    Key insights from the Arctic Wolf Labs Threat Report

    Insights from Arctic Wolf Labs’ report have revealed a year of turbulence within the threat actor community, with Russia’s invasion of Ukraine disrupting the operations of top ransomware groups.

    Meanwhile, the long tail of Log4Shell and ProxyShell continued to be exploited.

    Findings of note include:

    • The war in Ukraine significantly disrupted the activity of threat actor groups in both countries, influencing a 26% year-on-year decline in observed ransomware cases globally
    • LockBit established itself as the dominant ransomware group, with the e-crime organisation having 248% more victims than BlackCat (ALPHV), the second most active group
    • Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continued to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases
    Daniel Thanos, Vice President and Head of Arctic Wolf Labs. Picture: LinkedIn

    Daniel Thanos, Vice President and Head of Arctic Wolf Labs, said: “Arctic Wolf’s global scale and expansive solution set provides Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models, but also allow us to publish truly novel threat research to the security community-at-large.

    “We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape, so that they can best defend their most valuable assets from cyberattacks.

    “Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defences, which means organisations need to advance their threat protection beyond the basics to secure their data.”

    Read the full report: Arctic Wolf Labs Threat Report 2023

    CybersecurityArctic WolfBusiness Email Compromise
    Share
    Share

    Featured Articles

    Tech & AI LIVE: Key Events that are Vital for Cybersecurity

    Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

    MWC Barcelona 2024: The Future is Connectivity

    Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

    AI-Based Phishing Scams Are On The Rise This Valentine’s Day

    Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

    Speaker Lineup Announced for Tech Show London 2024

    Technology & AI

    Darktrace predicts AI deepfakes and cloud vulnerabilities

    Cloud Security

    Secure 2024: AI’s impact on cybersecurity with Integrity360

    Technology & AI