Residential IPs leveraged for more concealed BEC attacks

New business email compromise attacks launched by threat actors in Asia and a country in Eastern Europe have been using residential IP addresses matching victims' locations in an effort to conceal malicious activity, according to SecurityWeek. Attackers leveraging residential IP addresses could not only conceal their movements but also avoid "impossible travel" detection flags and enable more attacks, a report from Microsoft revealed. "Residential IP addresses mapped to locations at scale provide the ability and opportunity for cybercriminals to gather large volumes of compromised credentials and access accounts. Threat actors are using IP/proxy services that marketers and others may use for research to scale these attacks," said the report. Such BEC attacks could be avoided through the creation of specific email rules blocking third-party messages, email security training for employees, implementation of robust authentication approaches and secure email systems, and the adoption of domain-based message authentication, reporting, and conformance policies, noted Microsoft.