SAN FRANCISCO — February 17, 2021 — Abnormal Security, a next-generation cloud email security company, today released a new threat research report that reveals an 82% increase in the chance of companies getting attacked through SolarWinds-style vendor email compromise (VEC) during any given week. The company also found that these attacks can be very costly as it recently detected and stopped a $1.6M VEC attack.
Based on an analysis of cyber-attacks on Fortune 1000 companies stopped by Abnormal Security from Q3 2020 to January 2021, the report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, is the industry’s first benchmark of the risk and cost of vendor email compromise attacks. The report revealed that the average potential cost is 144% higher than losses from business email compromise (BEC) reported to the FBI’s Internet Complaint Crime Center (IC3).
“Throughout 2020, threat actors have increased attacks on enterprises using novel and sophisticated social engineering techniques to infiltrate trusted supply chain communications,” said Evan Reiser, CEO and co-founder of Abnormal Security. “To stop these attacks, large enterprises need the right technical controls to identify vendors that have been compromised. This is possible with a real-time risk assessment of vendors and customers communicating with your organization to stop supply chain fraud, which Abnormal uniquely delivers through VendorBase. With this, enterprises can protect themselves against the next SolarWinds vendor email compromise attack.”
The report released today is the latest in a quarterly research series on the state of vendor email compromise, which has focused on supply chain attacks. Through this research, Abnormal has observed a continuous increase in VEC attacks with the goal of stealing large sums of money from enterprises through invoice and payment fraud.
Key findings in today’s report illustrate the probability that enterprises will be targeted through vendor email compromise and the potential costs:
Supply chain communications are trusted and typically convey a sense of urgency, making it easy for these types of attacks to blend in with legitimate and valid emails. Since the attacks come from trusted yet impersonated or compromised vendor accounts, organizations often cannot detect when an attack is underway until it is too late.
These attacks highlight the importance of solutions to ensure supply chain security like VendorBase, Abnormal’s global, federated database of vendor and customer behaviors to stop supply chain compromise. VendorBase continuously monitors communications between vendors and customers and provides a real-time, stateful risk assessment enabling the Abnormal AI-based threat detection engine to stop these targeted and sophisticated supply chain attacks that slip past secure email gateways.
To download the full Abnormal Security report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, please visit here. To request a demo of VendorBase, please visit https://abnormalsecurity.com/request-demo/.
Abnormal Security is a next-generation cloud email security company that protects enterprises from targeted email attacks, account compromise and supply chain compromise. Unlike legacy email security solutions, the Abnormal Security platform uses an innovative AI-based approach that deeply understands the people, relationships and business processes to stop the most sophisticated cyber-attacks. Abnormal Security is based in San Francisco, CA. More information is available at abnormalsecurity.com.
Ted Weismann
fama PR for Abnormal Security
Abnormal@famapr.com
(617) 396-7740