Given the current security landscape, successful business email compromise (BEC) attacks have become more costly, and hackers are trying out new ways to evade detection.
CISOs across industries are continually tackling surging phishing attacks, especially BEC attacks, in this unprecedented era. Such attacks are inexpensive and easy to carry out, which makes them an obvious choice for threat actors. BEC attacks have risen significantly with the explosion in invoice and payment fraud.
Experts suggest that business leaders need to upgrade their security infrastructure to slow down this trend. In fact, the number of phishing attacks almost doubled through 2020. A recent study by APWG revealed that cyber-attacks peaked in October 2020, with as many as 225,304 new phishing sites appearing in that month alone. This broke all previous monthly records.
According to Axur, Brazil saw a slower progression in the number of attacks that targeted Brazilian consumers and companies. However, as a whole, it observed nearly twice as many such phishing sites in 2020 as it did in 2019, which is concerning, rapid year-over-year growth.
Phishing attacks are mostly targeted, and attackers have been aiming primarily at financial institutions. OpSec Security revealed that phishing against financial organizations saw the most considerable growth in the fourth quarter of 2020, accounting for about 22.5% of all the cyber-attacks. This category surpassed webmail and SaaS, which experienced 22.2% of the overall attacks.
On a positive note, phishing against the social media sector declined slightly, to around 11.8%. This is primarily due to the increased social media usage during the US presidential election. Within Brazil, Axur also found phishing on e-commerce websites constituted 45%. Indeed, cyber criminals are taking advantage of consumers who are stuck at home and using online shopping apps amid the pandemic.
Moreover, BEC attacks have been one of the most damaging categories of internet crime, Agari claimed in its latest study. Attacks that sought wire transfers from victim enterprises asked for an average of almost $75,000, a 56% increase from $48,000 in 3Q20, making it a successful cyber-attack type.
Apparently, the increase is mainly due to the resurgence of BEC campaigns from Cosmic Lynx, a sophisticated crime group based in Russia. One BEC attack in progress was found in which the wire transfer demand was for a whopping $999,600.
Furthermore, there has been rapid use of domain names for phishing attacks, and it seems that the majority of the domain names used for such acts were not on compromised infrastructure. They are mainly domain names registered by malicious actors for the purpose.
The security researchers observed that these criminal domain name registrations were concentrated at a few registrars and in some of the top-level domains. Phishers have also been increasingly deploying encryption to trick users into believing that phishing websites are safe and legitimate.
As a result, given the ongoing cyber-security ecosystem, businesses are actively implementing advanced technology solutions to predict rising phishing threats and protect their users from them.