Security News > 2020 > August > Brand impersonation is a go-to tactic for attackers, especially for credential phishing and BEC attacks
Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report.
There have been surges in COVID-19-themed email security attacks, which continued in Q2, with weekly campaign volume increasing 389% between Q1 and Q2. There has also been a continued increase in BEC attacks targeting finance department employees over C-level executives, which grew by 50% quarter-over-quarter.
"Keeping pace with change is critical, as attackers have continued to exploit enterprises' weak links - such as vendor and partner relationships - and are pushing more sophisticated and targeted BEC attacks than we've seen previously."
"Our analysis of BEC and email security trends in Q3 will certainly prove to be interesting as we expect a downward trend in COVID-19-related attacks, an uptick in attacks related to the 2020 election and a continued rise in BEC, as attackers find success with socially-engineered techniques that evade traditional email security defenses," said Reiser.
"Business leaders need to continue to focus on reviewing email security measures, most importantly examining BEC defenses, to ensure protection against attackers who are gaining steam."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/DkYbgdnabT0/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- GoIssue phishing tool targets GitHub developer credentials (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)