Dive Brief:
- Business email compromise attacks are on the rise and becoming more sophisticated as threat actors shift tactics to evade detection, Microsoft found.
- Hackers are increasingly using services such as BulletProftLink, a platform that can scale BEC attacks to industrial-level campaigns.
- Threat groups are then leveraging residential internet protocol addresses to make the attacks appear to be locally generated. By masking the origin of the attacks, these hacking groups can evade “impossible travel” alerts that are designed to detect suspicious activity.
Dive Insight:
The change in tactics comes amid a recent upswing in BEC attacks. The FBI reported more than 21,830 complaints about BEC attacks in 2022, with adjusted losses of more than $2.7 billion.
Data from Microsoft’s Digital Crimes Unit indicates a 38% increase in cybercrime as a service targeting business email between 2019 and 2022.
“The recent increase in BEC attacks can be attributed to the industrialization of the cybercrime economy, which has lowered the barrier to entry for criminals,” Peter Anaman, principal investigator for Microsoft’s DCU, said via email.
The BEC threats underscore how the “as a service” model has impacted cybercrime. Criminal groups are offering services to anyone who is willing to pay.
CaaS platforms specializing in BEC are offering end-to-end services for launching phishing attacks, according to Anaman.
Threat actors are using phishing-as-a-service offerings, such as Evil Proxy, Naked Pages and Caffeine, to help launch phishing campaigns. However, BulletProftLink has a decentralized gateway design that uses public blockchain nodes, making the operation more difficult to disrupt.
BEC attacks have targeted senior executives, including financial managers and human resources staff, who generally have privileged access to financial information and employee records. These executives may have access to employee information like tax statements, Social Security numbers and other PII.