New research by Abnormal Security has found a growing trend in financial supply chain compromise as threat actors increasingly impersonate vendors.
Research from the AI-based, cloud-native email security platform notes that in January, the number of business email compromise (BEC) attacks impersonating external third parties exceeded the number impersonating internal employees for the first time, and has continued to outnumber traditional internal impersonations throughout the year.
Additionally, in May, third-party external phishing accounted for 52% of all BEC attacks seen by Abnormal Security, while internal phishing dropped to 48% of all attacks.
By contrast, internal phishing accounted for 60% of all attacks at this time last year, indicating a 30% year-over-year increase in third-party phishing.
Abnormal Security says that financial supply chain compromise is a subset of business email compromise, where cybercriminals exploit relationships with known or unknown third parties to carry out sophisticated attacks.
It adds that the attackers intend to use the legitimacy of the vendor’s name to trick an unsuspecting employee into paying a fraudulent bill, changing billing account details, or sharing information about other customers to target.
Abnormal Security says these tactics are only becoming more of a threat, citing one attack, stopped by the company, that requested $2.1 million for a bogus invoice.
The report examines four known types of financial supply chain compromise: vendor email compromise, old report theft, third-party reconnaissance, and blind third-party impersonation, each with varying levels of sophistication.
Whereas a vendor email compromise attack relies on the threat actor understanding business relationships and financial transaction timelines, a blind third-party impersonation attack uses only traditional social engineering tactics to solicit payments under the guise of imminent legal action.
Abnormal Security’s research acknowledges that all four types of attacks have been successful, but says that those using legitimate compromised accounts are difficult to detect and can have disastrous consequences for the organizations they target.
“While financial supply chain compromise is not new, the rise in the use of third-party phishing tactics is concerning,” says Crane Hassold, director of threat intelligence at Abnormal Security.
“Our threat intelligence team has uncovered increasingly sophisticated attacks that are nearly impossible for legacy systems or end users to detect, particularly because they come from real vendor accounts, hijack ongoing conversations, and reference legitimate transactions.”
According to the FBI, business email compromise has exposed businesses to $43 billion in losses over the last six years, and actual losses continue to grow year over year, accounting for 35% of all cybercrime losses in 2021 alone.
Abnormal Security says this new trend is just one example of how modern email threats have become more sophisticated and how cybercriminals continue to evolve and modify their strategies for greater success.
As employees have become more aware of traditional BEC attacks that rely on executive impersonation, threat actors have begun to impersonate other entities, often with greater success.
“This shift toward financial supply chain attacks is another important milestone in the evolution of threat actors from low-value, low-impact threats like spam to high-value, high-impact targeted attacks,” adds Hassold.
“And because they are successful, we expect this external phishing to continue to increase as a percentage of all attacks, ultimately dominating the BEC landscape for the foreseeable future.”
Abnormal says this change in attacker tactics is significant because it means the ultimate victims of financial supply chain attacks are not in control of the initial compromise.
This makes it more critical for companies to maintain a solid understanding of their supply chain.
Abnormal Security uses unique AI to pinpoint good behavior across internal and external identities and communications to address these issues.
Its proprietary VendorBase technology identifies all vendors in a customer’s ecosystem to understand individual risk levels, using a federated database across all Abnormal customers.
By identifying when a supplier may be at high risk for fraud, Abnormal Security knows when an email should be examined more closely for malicious activity, effectively preventing all forms of financial supply chain compromise.