Double the BEC attacks, stay ahead of the ransomware

BEC cyberattacks do not require serious technical skills and are lucrative for crooks (photo: CC0 Public Domain)

The number of business email compromise (BEC) attacks has doubled in 2022 thanks to a series of massive and successful phishing campaigns. BECs are now displacing ransomware as the most commonly observed vector for financially motivated cyberattacks, according to data from Secureworks.

The numbers show that the topic of advanced AI-based threats is dominating cybersecurity discussions, but meanwhile, another form of virtual attack is roaming the digital IT systems of organizations of all types – the compromise of business email. It is based not so much on artificial intelligence as on classical social engineering.

The essence of VES

BEC is a form of compromise where cybercriminals “woo” an employee with access to the organization’s finances and convince them to transfer money to them. Most often, for this purpose, the fraudster convincingly presents himself as the employee’s direct manager or even as a representative of the organization’s top management.

Often such attacks occur at the end of the financial quarter. The trick is to create a sense of urgency. To do this, scammers refer to “urgent matters” or confidential topics that “must be responded to immediately.” In some of the common examples of BEC attacks, the fraudster may claim to need Amazon gift vouchers for an incentive or employee reward scheme.

BEC attacks now account for 33% of cyber incidents, up from 13% in 2021, the expert report said.

“Compromising business emails requires little or no technical skill, but can be extremely lucrative. Attackers can simultaneously phish multiple organizations looking for potential victims without needing to have specific skills or manage complex partnering models,” said Mike McLellan, director of research at Secureworks.


When it comes to exploiting software vulnerabilities, McLellan says cybercriminals are more opportunistic and don’t target specific targets. Figuratively speaking, they “go around the parking lot and see which doors are unlocked.” “Mass scanners will quickly show an attacker which devices they don’t have patched. If your internet-connected apps aren’t secure, you’re giving them the keys to your home. Once they’re in, the clock starts ticking.”

Less ransomware

Meanwhile, like other observers, Secureworks saw a whopping 57% drop in total ransomware incidents, likely due to a combination of factors including changing tactics among ransomware gangs and increased law enforcement activity.

In particular, the intervention of law enforcement agencies can distort the data to some extent. That’s because police are active around large, large-scale ransomware attacks, and that can prompt cybercriminals to focus their fire on smaller businesses. Smaller businesses are less likely to contact the police when responding to incidents. Therefore, they would not appear in the case statistics.

Slight decline in financially motivated attacks

Financially motivated attacks are believed to account for the majority of cyber incidents. They now make up 79% of the sample, which is down from previous years. This is probably due to the increase in attacks with political motives, a natural consequence of the geopolitical situation.

Surprisingly or not, much of the cyber-attacks with elements of political motives are linked less to Russia than to China, analysts note.

Leave a Reply

Your email address will not be published. Required fields are marked *