Email is still the most common attack surface for organisations, being the primary way of interacting with staff, customers, clients and partners.
According to an OAIC report, human error still dominates the latest data breach statistics. Social engineering has become increasingly effective for cybercriminals because while computers obey complex rules every time without skipping a beat, humans have emotions that can be preyed on, especially when they’re stressed or anxious. Practiced threat actors are masters of manipulation and will attempt to exploit people however they can.
What is a Business Email Compromise (BEC) attack?
Business email compromise (BEC) is a type of email attack where an attacker impersonates or compromises an email account to trick a target into sharing sensitive information or taking some unauthorised action.
Email attacks generally use spoofed copy and graphics that imitate common business processes—e.g. bill payments, password updates, delivery confirmations—with the aim of making just one of your targeted employees:
- click a link or file that will deploy malware to your company infrastructure
- provide information that will help attack your network, or be used in subsequent social engineering attempts
Once ransomware is deployed on a system, all data is encrypted and held to ransom—per the name—until the victim pays a specified amount in cryptocurrency.
The scourge of ransomware is on the rise. We see it in the news more than ever because threats of data leaks are happening more often, with bigger bounties being paid out and incentivising more audacious attacks. The worst thing is that the stolen data can still be sold to the highest bidder or rendered irretrievable to its owners - even after the ransom is paid! Paying a ransom is no guarantee that you’ll get your data back.
Key findings over the past 12 months
Mimecast’s State of Email Security report reveals that over the course of last year:
- Overall, email attacks increased by 64%
- 79% of companies were hurt by their lack of cyber preparedness
- 70% of respondents surveyed said they expected their business to be harmed by an email-borne attack
- Since the beginning of the pandemic, the rate of employees clicking on malicious links increased 300%
How email attacks have evolved in 2021
A prime target for cybercriminals this year has been employees new to work-from-home arrangements, where attention is often diverted by household distractions, with new processes and systems adding to their mental load during busy or stressful times.
Both the volume and sophistication of attacks have increased rapidly, compounding the background issues around resourcing and movement restrictions. Threat actors were quick to take advantage of this confusion with a flood of new email attacks.