SAN FRANCISCO — June 17, 2020 — Abnormal Security, a leader in protecting large enterprises from Business Email Compromise (BEC) attacks, today released the Abnormal Security Quarterly BEC Report for Q1 2020. The first in a series of quarterly reports, the Q1 2020 report illustrates trends from actual BEC attacks discovered by Abnormal Security to help inform enterprise security strategy. The report also features a special section on email account compromise and security attack patterns during the COVID-19 pandemic. Notably, Abnormal Security found that COVID-related attacks increased 436% between the second and third weeks of March 2020, with an average 173% week-over-week increase during the quarter.
Abnormal Security also uncovered a shift from individual to group BEC attacks, with campaigns with more than 10 recipients up 27% compared to Q4 2019. Attackers also adjusted their targets, with attacks on finance employees increasing more than 75% as attacks on C-Suite executives decreased by 37%. This illustrates a trend away from paycheck and engagement fraud and toward payment fraud, specifically invoice fraud attacks, which increased more than 75%.
“The email security trends we witnessed during Q1 are most certainly related to the COVID-19 pandemic and the shift to work from home, but they also reflect greater sophistication and attack strategy by threat actors,” said Evan Reiser, CEO and co-founder, Abnormal Security. “By increasing campaign target size, attackers increase the opportunity for social validity and by targeting finance employees who manage third-party payments, they’ve found a new vector for payouts.”
COVID-19-related attacks during Q1 2020 capitalized on fear and uncertainty, leveraging trusted entities and using spoofed and compromised accounts to scam recipients, steal credentials or install malware. Attack themes followed the pandemic news cycle, using lures such as testing and vaccines and financial relief and stimulus payments, as attackers impersonated trusted entities such as the Centers for Disease Control (CDC).
“With employees largely working from home and a daily inundation of information related to the pandemic, attackers saw multiple areas of vulnerability in Q12020 and took swift advantage of them,” said Reiser. “Without sophisticated BEC security measures in place, the likelihood of business and email compromise increases significantly. The good news is that technology exists to thwart these attacks before they reach their intended targets.”
The Abnormal Security platform protects against targeted attacks by analyzing multiple data sources, including data beyond email. Abnormal Behavior Technology (ABX) uses this rich set of organization-specific data to uniquely drive the Abnormal Identity Model, the Abnormal Relationship Graph and Abnormal Content Analysis. Through this combination, ABX results in exceptional detection efficacy. More than 70% of business email compromise attacks identified through Abnormal Security platform customer deployments were not initially blocked by security email gateway solutions.
Deployed as a native integration into the Microsoft Office 365 environment with customers leveraging a wide variety of email security tools, Abnormal Security gathered data and analyzed the types of BEC attacks that slip past traditional defenses.
The Abnormal Quarterly BEC Report for Q1 2020 report available for download. Please visit: https://info.abnormalsecurity.com.
About Abnormal Security
The Abnormal Security cloud email security platform protects enterprises from targeted email attacks. Powered by Abnormal Behavior Technology (ABX), the platform combines the Abnormal Identity Model, the Abnormal Relationship Graph and Abnormal Content Analysis to stop attacks that lead to account takeover, financial damage and organizational mistrust. Through one-click, API-based Office 365 and G Suite integration, Abnormal sets up in minutes, requires no configuration and does not impact email flow. Backed by Greylock Partners, Abnormal Security is based in San Francisco, CA. www.abnormalsecurity.com
fama PR for Abnormal Security