
Threat actors increasingly use third parties to run their scams
2022-06-28 03:30

In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since.

These tactics are increasingly dangerous: one attack stopped by Abnormal requested $2.1 million for a fake invoice.

Whereas a vendor email compromise attack requires the threat actor to understand business relationships and financial transaction schedules, a blind third-party attack simply leverages traditional social engineering tactics to request payments using pretexts like impending legal actions.

"Our threat intelligence team has discovered increasingly sophisticated attacks that are nearly impossible for legacy systems or end users to detect, particularly because they come from real vendor accounts, hijack ongoing conversations, and reference legitimate transactions."

As employees become more aware of traditional BEC attacks that rely on executive impersonation, threat actors have started to impersonate other entities, often with larger degrees of success.

Said Hassold, "This shift to financial supply chain attacks is another important milestone in the evolution of threat actors from low-value, low-impact threats like spam to targeted high-value, high-impact attacks. And because they are successful, we expect that this external impersonation will continue to rise as a percentage of all attacks, ultimately dominating the BEC landscape for the foreseeable future."


News URL

https://www.helpnetsecurity.com/2022/06/28/threat-actors-impersonate-vendors/