There was a 36 percent increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most business email compromise (BEC) attempts, according to a new report. Several trends emerged in the analysis period, including management landing more in cybercrime’s cross-hairs, and big spikes in email fraud.
Executives Over-Index in Attacks
While non-management and low-level management employees are most often targeted inside organizations, executives are over-represented when it comes to relative targeting.
Regular employees accounted for 60 percent of highly targeted malware and credential phishing attacks, according to the “Protecting People” report from Proofpoint (analyzing customer attack data gathered April through June 2018). Executives only received 23.5 percent and 5.2 percent of targeted attacks, respectively.
However, this is still “a disproportionately large share of attacks” for upper management, given how few executives there are compared to the total workforce.
“With information about employees widely and freely available, they can find multiple ways inside your environment,” according to the report.
Email Fraud Spikes
Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter. Most companies were targeted at least once.
“By its nature, email fraud targets specific companies and recipients,” the report noted. “It works by impersonating someone the recipient knows and trusts. The attacker may request a wire transfer or sensitive information. In either case, the order looks like an everyday business request.”
Some industries saw triple-digit increases from a year ago: The average number of email fraud attacks against automotive companies soared more than 400 percent. Education-related attacks jumped 250 percent.
Further, more than 65 percent of companies targeted by email fraud had the identities of more than five employees spoofed. That’s more than triple the proportion in the year-ago quarter, suggesting that fraudsters are getting more creative and finding new ways to target victims.
Other notable data points include the fact that ransomware rebounded during the study period, accounting for nearly 11 percent of the total malicious email volume after falling sharply in previous quarters from its top 2017 perch.
And finally, domain fraud, where attackers use “lookalike domains” to establish trust and carry out email fraud, credential phishing, counterfeiting and more, disproportionately affects U.S. consumers, the report found. Nearly two-thirds of targeted companies saw some level of abuse of their domains, including fraudsters sending attacks that spoofed the recipient’s own employer.
Also, nearly a quarter (23 percent) of suspicious domains that imitate top U.S. brands have active MX records, meaning they can send fraudulent emails to unsuspecting customers and employees.