The FBI has disclosed that more than $43 billion has been lost from business email compromise attacks between June 2016 and December 2021, with BEC attack-related losses spiking by 65% from July 2019 to December 2021, reports VentureBeat.
Significant BEC attack losses have not surprised LARES Consulting Senior Security Consultant Andy Gill, who noted that the figures may even be underestimated as many BEC incidents may have been unreported. "BEC attacks continue to be one of the most active attack methods utilized by criminals because they work. If they didn't work as well as they do, the criminals would switch tactics to something with a larger ROI," Gill added. Meanwhile, Delinea Chief Security Scientist and Advisory Chief Information Security Officer Joseph Carson noted inadequate resources among most organizations impacted by BEC attacks. "Victims sometimes prefer not to report incidents if the amount is quite small but those who fall for larger financial fraud BEC that amounts to thousands or even sometimes millions of U.S. dollars must report the incident in the hope that they could recoup some of the losses," said Carson.
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Four high-severity Microsoft Exchange flaws reported by Trend Micro's Zero Day Initiative were noted by Microsoft to have been addressed or not need immediate servicing as required authentication would significantly reduce their odds of being exploited, SecurityWeek reports.
Email security: The current threat landscape, the latest tools/techniques
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news