SolarWinds-style email compromise attacks go mainstream

No Comments
Malicious email

The supply chain attack involving SolarWinds software last year has caused ripples throughout the cybersecurity industry, not least because it went undetected for nine months.

The attack was able to bypass traditional email security by exploiting trusted communications routes between vendors and customers. A worrying new report from Abnormal Security shows that this technique is becoming a mainstream attack vector.

Between the third quarter of 2020 and January 2021, the chance of companies getting hit with a vendor email compromise (VEC) attack during any given week increased 82 percent with the potential cost through various forms of fraud being as much as $1.6 million per attack.

Companies had a 50 percent chance of getting hit with a VEC attack at least once in Q4 compared to 40.2 percent in Q3. While VEC cases in which the attacker poses as an existing vendor or customer were sent from a compromised account 9.5 percent of the time in Q4, up from 7.1 percent in Q3.

Looking at business email compromise more widely, invoice/payment fraud is the most predominant form of email compromise attack, increasing 44.5 percent from Q3 to Q4. Perhaps unsurprisingly COVID-19-related invoice/payment fraud attacks increased 107 percent in Q4. Attacks have risen across industries, up 9.5 percent between Q3 and Q4.

"Throughout 2020, threat actors have increased attacks on enterprises using novel and sophisticated social engineering techniques to infiltrate trusted supply chain communications," says Evan Reiser, CEO and co-founder of Abnormal Security. "To stop these attacks, large enterprises need the right technical controls to identify vendors that have been compromised. This is possible with a real-time risk assessment of vendors and customers communicating with your organization to stop supply chain fraud, which Abnormal uniquely delivers through VendorBase. With this, enterprises can protect themselves against the next SolarWinds vendor email compromise attack."

The full report is available from the Abnormal Security site.

Photo Credit: Balefire/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Get 'Applied Machine Learning and AI for Engineers' (worth $67.99) for FREE

Best Windows apps this week

The dynamics of modern Windows device management [Q&A]

Netflix says it will no longer share details of subscriber numbers

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

TEAMGROUP unveils MP44Q M.2 PCIe 4.0 SSD

Cyberwarfare incidents reported by almost half of UK firms

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

9 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.