Business Email Compromise Attacks Spike in Q3



Business email compromise (BEC) attacks peaked in the third quarter of 2023, a Huntress report reveals. Huntress provides a cybersecurity platform designed for managed service providers to protect their small and medium business (SMB) customers.

The Ellicott City, Maryland-based company said more than half of all attacks during Q3 were malware-free, meaning hackers used legitimate tools rather than malicious software.

The Huntress report found that 64% of identity-based incidents in Q3 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of BEC. Another 24% of identity-focused incidents involved logins from unusual or suspicious locations.

Huntress recently added Microsoft 365 capabilities to its SMB platform to improve protection against BEC and account takeover attacks. SMBs can use MDR for Microsoft 365 to respond to suspicious logins and changes to permissions and privileges.

“The threat landscape is not slowing down. Threat actors are growing their businesses to have a greater impact on SMBs, and our goal is to educate them and give them a fighting chance against the ever-changing enemy landscape,” said Joe Slowik, Huntress Threat Intelligence Manager.

A Closer Look at Q3 Cyber Attacks: RMM Exploited

Other highlights from the study:

  • In Q3 2023, 56% of incidents were “malware-free” because adversaries used script wrappers or legitimate tools instead of malicious software.
  • 65% of incidents in Q3 2023 involved threat actors using remote monitoring and management (RMM) software, a lifeline for IT administrators, or harvesting credentials to access victim environments and install RMM tools for access to devices.
  • 25% of incidents saw attackers abusing built-in tools like PowerShell and WMI. Attackers have perfected the art of deception; they try to hide in the noise of legitimate network activity or use living-off-the-land tactics to avoid detection.
  • 60% of ransomware incidents involved unclassified or unknown types of ransomware. While we often hear about headline-grabbing ransomware, many unknown ransomware strains are prevalent in the SMB space.


