TechRadar
Sead Fadilpašić

Business emails are now more dangerous than ransomware


When it comes to hackers looking solely for profit, ransomware is no longer the number one weapon of choice, new research has claimed.

Instead, their primary method is Business Email Compromise (BEC), according to a report from cybersecurity experts Secureworks that analyzed more than 500 real-world security incidents that took place between January and December 2022. The number of BEC incidents doubled, making BEC the most common type of attack and dethroning ransomware.

The company believes this explosive growth in BEC attacks has its roots in successful phishing campaigns, which account for a third (33%) of incidents where an initial access vector (IAV) could be established. A year ago, phishing accounted for merely 13% of incidents (up 3x year-on-year). Besides phishing, hackers would also look for system and application vulnerabilities, zero-day or otherwise. 

Low-skill attack

Ransomware incidents dropped by more than half (57%) last year, Secureworks added, but stated that it remains a “core” threat. The drop could be, the researchers speculate, either due to the threat actors’ changing tactics, or due to law enforcement agencies getting better at hunting them down and shutting down their infrastructure.

Another reason for the change could be that BEC attacks are easier to pull off:

“Business email compromise requires little to no technical skill but can be extremely lucrative,” says Mike McLellan, Director of Intelligence at Secureworks. “Attackers can simultaneously phish multiple organizations looking for potential victims, without needing to employ advanced skills or operate complicated affiliate models”.

To make sure you stay safe from BEC attacks, educate your employees to spot phishing emails, and set up a strong email security system. Multi-factor authentication, wherever possible, will be of tremendous help. Furthermore, both employees and executives need to keep email access to themselves, and not share the login credentials with their coworkers, friends, and family. 

The news follows a warning from the FBI in May 2022 that BEC had grown into a $43 billion industry.
