Trends in BEC Attacks
BEC attacks have been continuously evolving, with the use of Artificial Intelligence (AI) tools like ChatGPT expected to fuel further attacks. According to Armorblox, based on data gathered across more than 58,000 customer tenants, attackers use language as the primary attack vector to impersonate trusted SaaS applications, vendors, and VIPs.
Among all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees. This trend proved to be persistent and prevalent, with language remaining the main attack vector in four out of five (77%) BEC attacks that bypassed legacy solutions in 2022.
In 2022, half of all account compromise attacks targeted SMBs (58%). These attacks often involve bad actors infiltrating legitimate business workflows to steal sensitive business information, such as user login credentials (52%).
Furthermore, vendor compromise and fraud are rising as a new attack vector. More than half of vendor compromise attacks targeted technology organizations (53%). Business workflows involving email notifications were the most compromised, a significant uptick over 2021.
Graymail or unwanted solicitation is also wasting 27 hours of time for security teams each week, with 20% of BEC attacks involving graymail. In 2022, half of all attacks bypassed legacy security filters (56%).
Phishing attacks also increased by 70% over 2022, compared to 63% in the previous year. Financial fraud attacks such as payroll, payment, and invoice fraud also increased by 72% over 2022 and are expected to continue to rise in 2023 with banking turmoil in the headlines.
Vulnerability of SMBs
SMBs are particularly vulnerable to vendor fraud and supply chain email attacks. With the widespread use of email for business communications, it is expected that in 2023, there will be a significant increase in the total number of BEC emails flooding user mailboxes inside organizations.
With an increasing hybrid approach to work, more campaigns will rise that use work-from-home-related reasons to target employees. Therefore, it is crucial for organizations to augment native and legacy security layers with modern API-based solutions that use a broad set of deep learning algorithms, machine learning models, data science approaches, and natural language-based techniques to understand the content and context of communications and protect against these targeted attacks.
According to DJ Sampath, CEO of Armorblox, "These attacks only increase the critical need for organizations to augment native and legacy security layers with modern API-based solutions that use a broad set of deep learning algorithms, machine learning models, data science approaches, and natural language-based techniques to understand the content and context of communications and protect against these targeted attacks."
