Risk of SolarWinds-Style Attacks Through Vendor Email Compromise Increased 82%, Abnormal Threat Research Report Reveals

Research Shows The Same Technique Used in SolarWinds Attack is Accelerating and Targeting Numerous Downstream Industries; Stopping These Attacks Requires a New Approach to Security

SAN FRANCISCO — February 17, 2021Abnormal Security, a next-generation cloud email security company, today released a new threat research report that reveals an 82% increase in the chance of companies getting attacked through SolarWinds-style vendor email compromise (VEC) during any given week. The company also found that these attacks can be very costly as it recently detected and stopped a $1.6M VEC attack.

Based on an analysis of cyber-attacks on Fortune 1000 companies stopped by Abnormal Security from Q3 2020 to January 2021, the report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, is the industry’s first benchmark of the risk and cost of vendor email compromise attacks. The report revealed that the average potential cost is 144% higher than losses from business email compromise (BEC) reported to the FBI’s Internet Complaint Crime Center (IC3).

“Throughout 2020, threat actors have increased attacks on enterprises using novel and sophisticated social engineering techniques to infiltrate trusted supply chain communications,” said Evan Reiser, CEO and co-founder of Abnormal Security. “To stop these attacks, large enterprises need the right technical controls to identify vendors that have been compromised. This is possible with a real-time risk assessment of vendors and customers communicating with your organization to stop supply chain fraud, which Abnormal uniquely delivers through VendorBase. With this, enterprises can protect themselves against the next SolarWinds vendor email compromise attack.”

The report released today is the latest in a quarterly research series on the state of vendor email compromise, which has focused on supply chain attacks. Through this research, Abnormal has observed a continuous increase in VEC attacks with the goal of stealing large sums of money from enterprises through invoice and payment fraud. 

Key findings in today’s report illustrate the probability that enterprises will be targeted through vendor email compromise and the potential costs:

  • On a quarterly basis, companies had a 50% chance of getting hit with a VEC attack at least once in Q4 2020 vs. 40% in Q3;
  • Companies had a 23% chance of being targeted by a VEC attack during any given week in January 2021 vs. 13% in Q3;
  • The average potential cost of VEC attacks detected and stopped by Abnormal Security is $183,000 per attack;
  • Billing account update fraud is the costliest form of VEC attack – close to $300,000 on average per attack;
  • Threat actors continued to follow the money in Q4, as weekly VEC campaigns with the goal of invoice and payment fraud increased 45% from Q3 to Q4
  • Seven out of eight major industries tracked by Abnormal Security experienced a quarter-over-quarter increase in VEC attacks in Q4. These included Energy/Infrastructure, Finance, Hospitality, Media/TV, Retail/Consumer Goods & and Manufacturing, Services, and Technology.

Supply chain communications are trusted and typically convey a sense of urgency, making it easy for these types of attacks to blend in with legitimate and valid emails. Since the attacks come from trusted yet impersonated or compromised vendor accounts, organizations often cannot detect when an attack is underway until it is too late. 

These attacks highlight the importance of solutions to ensure supply chain security like VendorBase, Abnormal’s global, federated database of vendor and customer behaviors to stop supply chain compromise. VendorBase continuously monitors communications between vendors and customers and provides a real-time, stateful risk assessment enabling the Abnormal AI-based threat detection engine to stop these targeted and sophisticated supply chain attacks that slip past secure email gateways.

To download the full Abnormal Security report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, please visit here. To request a demo of VendorBase, please visit https://abnormalsecurity.com/request-demo/.  

About Abnormal Security

Abnormal Security is a next-generation cloud email security company that protects enterprises from targeted email attacks, account compromise and supply chain compromise. Unlike legacy email security solutions, the Abnormal Security platform uses an innovative AI-based approach that deeply understands the people, relationships and business processes to stop the most sophisticated cyber-attacks. Abnormal Security is based in San Francisco, CA. More information is available at abnormalsecurity.com

Contact:

Ted Weismann
fama PR for Abnormal Security
Abnormal@famapr.com
(617) 396-7740