Threatlist: Email Attacks Surge, Targeting Execs

Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter.

There was a 36 percent increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most business email compromise (BEC) attempts, according to a new report. Several trends emerged in the analysis period, including management landing more in cybercrime’s cross-hairs, and big spikes in email fraud.

Executives Over-Index in Attacks

While non-management and low-level management employees are most often targeted inside organizations, executives are over-represented when it comes to relative targeting.

Regular employees accounted for 60 percent of highly targeted malware and credential phishing attacks, according to the “Protecting People” report from Proofpoint (analyzing customer attack data gathered April through June 2018). Executives only received 23.5 percent and 5.2 percent of targeted attacks, respectively.

Email attacks surged in some categories.

However, this still “a disproportionately large share of attacks” for upper management, given how few executives there are compared the total workforce.

“With information about employees widely and freely available, they can find multiple ways inside your environment,” according to the report.

Email Fraud Spikes

Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter. Most companies were targeted at least once.

“By its nature, email fraud targets specific companies and recipients,” the report noted. “It works by impersonating someone the recipient knows and trusts. The attacker may request a wire transfer or sensitive information. In either case, the order looks like an everyday business request.”

Some industries saw triple-digit increases from a year ago: The average number of email fraud attacks against automotive companies soared more than 400 percent. Education-related attacks jumped 250 percent.

Further, more than 65 percent of companies targeted by email fraud had the identities of more than five employees spoofed. That’s more than triple the proportion in the year-ago quarter, suggesting that fraudsters are getting more creative and finding new ways to target victims.

Other Trends

Other notable data points include the fact that ransomware rebounded during the study period, accounting for nearly 11 percent percent of the total malicious email volume after falling sharply in previous quarters from its top 2017 perch.

Ransomware rebounded in the summer.

And finally, domain fraud, where attackers use “lookalike domains” to establish trust and carry out email fraud, credential phishing, counterfeiting and more, disproportionately affect U.S. consumers, the report found. Nearly two-thirds of targeted companies saw some level of abuse of their domains, including fraudsters sending attacks that spoofed the recipient’s own employer.

Also, nearly a quarter (23 percent) of suspicious domains that imitate top U.S. brands have active MX records, meaning they can send fraudulent emails to unsuspecting customers and employees.

Suggested articles

plugX malware loader TA416

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

Phishers Capitalize on Headlines with Breakneck Speed

Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams — all with the same infrastructure.