According to the latest release of Microsoft’s Cyber Signals report, the number of cyberattacks targeting business email has increased by 38% over the past three years. Attempted BEC attacks can take many forms, such as emails, phone calls and text messages. The main targets are executives, financial managers and HR employees who have access to personal and financial data.


Microsoft has released the fourth edition of its Cyber Signals report, a synthesis of cyber threats that highlights security data and trends based on 65 trillion signals analyzed daily by more than 8,500 security experts.

In the new report, Microsoft describes the rise in cyberattacks aimed at compromising business email (BEC) and the common tactics used by BEC operators, and offers recommendations on how organizations can defend against these attacks.

Business email compromise (BEC), a phishing attack that targets organizations and governments to steal money or sensitive information, is on the rise.

Cyber Signals conclusions

  • 35 million BEC attack attempts with an average of 156,000 per day were detected and investigated by Microsoft Threat Intelligence within one year;
  • 38% growth in cybercrime as a service targeting business email between 2019 and 2022;
  • 417,678 successful removals of malicious links by Microsoft’s Digital Crimes Unit between May 2022 and April 2023.

Microsoft has noticed a trend of attackers using platforms like BulletProftLink, a popular service for creating malicious email campaigns on an industrial scale.

“No organization is immune to BEC attacks. One of the key findings of the Microsoft Digital Defense 2022 report is that there are 921 password attacks every second, which is 74% more than last year,” says Bohdan Putinica, Microsoft’s regional manager for Romania and Moldova.

Attempted BEC attacks can take many forms, such as emails, phone calls and text messages. The main targets are directors, financial managers and HR employees who have access to personal and financial data, as well as new employees. While attackers have created specialized tools to facilitate business email fraud, including phishing kits and verified email address lists, there are methods organizations can use to prevent attacks and reduce risk:

Protection tips

  • Use cloud applications that leverage AI capabilities such as machine learning to improve security by adding advanced phishing protection and suspicious redirect detection.
  • Protect personal data by controlling access to applications and data with Zero Trust and automated identity management.
  • Use a secure payment platform by switching from emailed invoices to a system designed specifically to authenticate payments.
  • Train employees to identify fraudulent and other malicious emails.