Risk of SolarWinds-Style Attacks Through Vendor Email Compromise Increased 82%, Abnormal Threat Research Report Reveals

February 18, 2021

Research Shows The Same Technique Used in SolarWinds Attack is Accelerating and Targeting Numerous Downstream Industries; Stopping These Attacks Requires a New Approach to Security

SAN FRANCISCO — February 17, 2021Abnormal Security, a next-generation cloud email security company, today released a new threat research report that reveals an 82% increase in the chance of companies getting attacked through SolarWinds-style vendor email compromise (VEC) during any given week. The company also found that these attacks can be very costly as it recently detected and stopped a $1.6M VEC attack.

Based on an analysis of cyber-attacks on Fortune 1000 companies stopped by Abnormal Security from Q3 2020 to January 2021, the report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, is the industry’s first benchmark of the risk and cost of vendor email compromise attacks. The report revealed that the average potential cost is 144% higher than losses from business email compromise (BEC) reported to the FBI’s Internet Complaint Crime Center (IC3).

“Throughout 2020, threat actors have increased attacks on enterprises using novel and sophisticated social engineering techniques to infiltrate trusted supply chain communications,” said Evan Reiser, CEO and co-founder of Abnormal Security. “To stop these attacks, large enterprises need the right technical controls to identify vendors that have been compromised. This is possible with a real-time risk assessment of vendors and customers communicating with your organization to stop supply chain fraud, which Abnormal uniquely delivers through VendorBase. With this, enterprises can protect themselves against the next SolarWinds vendor email compromise attack.”

The report released today is the latest in a quarterly research series on the state of vendor email compromise, which has focused on supply chain attacks. Through this research, Abnormal has observed a continuous increase in VEC attacks with the goal of stealing large sums of money from enterprises through invoice and payment fraud.

Key findings in today’s report illustrate the probability that enterprises will be targeted through vendor email compromise and the potential costs:

  • On a quarterly basis, companies had a 50% chance of getting hit with a VEC attack at least once in Q4 2020 vs. 40% in Q3;
  • Companies had a 23% chance of being targeted by a VEC attack during any given week in January 2021 vs. 13% in Q3;
  • The average potential cost of VEC attacks detected and stopped by Abnormal Security is $183,000 per attack;
  • Billing account update fraud is the costliest form of VEC attack – close to $300,000 on average per attack;
  • Threat actors continued to follow the money in Q4, as weekly VEC campaigns with the goal of invoice and payment fraud increased 45% from Q3 to Q4
  • Seven out of eight major industries tracked by Abnormal Security experienced a quarter-over-quarter increase in VEC attacks in Q4. These included Energy/Infrastructure, Finance, Hospitality, Media/TV, Retail/Consumer Goods & and Manufacturing, Services, and Technology.

Supply chain communications are trusted and typically convey a sense of urgency, making it easy for these types of attacks to blend in with legitimate and valid emails. Since the attacks come from trusted yet impersonated or compromised vendor accounts, organizations often cannot detect when an attack is underway until it is too late.

These attacks highlight the importance of solutions to ensure supply chain security like VendorBase, Abnormal’s global, federated database of vendor and customer behaviors to stop supply chain compromise. VendorBase continuously monitors communications between vendors and customers and provides a real-time, stateful risk assessment enabling the Abnormal AI-based threat detection engine to stop these targeted and sophisticated supply chain attacks that slip past secure email gateways.

To download the full Abnormal Security report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, please visit here. To request a demo of VendorBase, please visit https://abnormalsecurity.com/request-demo/.

About Abnormal Security

Abnormal Security is a next-generation cloud email security company that protects enterprises from targeted email attacks, account compromise and supply chain compromise. Unlike legacy email security solutions, the Abnormal Security platform uses an innovative AI-based approach that deeply understands the people, relationships and business processes to stop the most sophisticated cyber-attacks. Abnormal Security is based in San Francisco, CA. More information is available at abnormalsecurity.com.


Ted Weismann
fama PR for Abnormal Security
(617) 396-7740

Related News & Press

Usa daily post logo
On a recent Price of Business show, Host Kevin Price interviewed former FBI cyber security expert, Crane Hassold. Crane Hassold is considered the foremost mind in email attacks and serves as Director of Threat Intelligence at Abnormal Security, the leading cloud email security platform.
Read More
The register logo
This summer, Abnormal Security discovered that some of its customers' staff were receiving emails inviting them to install ransomware on a company computer in return for a $1m share of the "profits".
Read More
Digital anarchist logo
Adtech and email security? Abnormal Security CEO Evan Reiser will tell us all about it and how he hopes his company can help. Listen to the podcast to learn more.
Read More
Help net security logo
Abnormal Security announced the Abnormal Integrated Cloud Email Security (ICES) platform. Abnormal ICES is an all-in-one email security platform that provides precision against the full spectrum of email attacks.
Read More
Ciso talks podcast logo
In this episode of CISO Talks, we discuss the sheer amount of marketing noise filling the cyberspace. Buzzwords, acronyms and all sorts are being thrown around manically. A lot of organizations benefit from a marketing focus especially SMBs but this is often prioritized above the technology/product.
Read More
Aix outlook logo
Abnormal Security has announced its Integrated Cloud Email Security (ICES) platform. Unlike other email security platforms, Abnormal ICES provides a single, comprehensive solution for protecting against every kind of email attack. Together with Microsoft 365...
Read More
Cso logo
The damage from executive email account takeovers can run into millions of dollars, as recent examples show. In 2019, Toyota Boshoku Corporation lost $37 million after the information in a payment direction from a third-party was changed...
Read More
Symbol purple 02b
Abnormal Security today announced the Abnormal Integrated Cloud Email Security (ICES) platform. Abnormal ICES is the only all-in-one email security platform that provides unparalleled precision against the full spectrum of email attacks.
Read More
Cyber pro podcast logo
Mike shares his insights and experience on the role of the fundamentals of patch management and access management during these highly innovative times in technology.
Read More
Ciso talks podcast logo
In this episode of CISO Talks, we discuss the advantages of focusing on the problems in cybersecurity without any preconceptions and how this benefits the overall process. This episode is really insightful not just to anyone looking to join the cybersecurity space at any level.
Read More
Cbs chicago 2 logo
If your child’s school gets hacked and their personal information gets stolen, you might never hear about it. CBS 2 found one southwest suburban school district that was targeted.
Read More
Cso logo
Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management, zero-trust, and more.
Read More