New Abnormal Research Shows Brute Force Attacks Rise 671%

August 30, 2021

There is little doubt that business email compromise and other advanced email threats are causing significant damage–both financial and reputational—to organizations worldwide. Because these never-before-seen attacks contain few indicators of compromise, they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes.

Cybercriminals steal billions each year. In fact, the FBI reported that $4.2 billion was lost last year alone—increasing the five-year total to $13.3 billion. It appears that not much will change in 2021.

Looking for the Keys to the Kingdom

In new research published today, Abnormal discovered a significant increase in both credential phishing and brute force attacks—both of which are attempts to gain access to email accounts. Once accessed, those accounts can be leveraged to send additional attacks on coworkers, partners, and vendors, and provide the credentials necessary to infiltrate other parts of the organization.

In a typical week, we observe brute force attacks targeting about 10% of companies. However, starting in May and ending in mid-June, the percentage of attacks increased by 160% to the highest-ever recorded weekly average of 26%. This means that a quarter of all companies were being targeted by brute force attacks on a weekly basis as cybercriminals attempted to take over their email accounts.

Perhaps most interestingly, during the peak of activity in the week of June 6, 2021, the rate of those attacks rose 671% over the previous weekly average as threat actors targeted 32.5% of all organizations with brute force attacks.

percentage of companies targeted by brute force attacks by week

But that isn’t all. Over the course of the second quarter, we also saw an increase in credential phishing, moving from 66% of advanced attacks in Q4 2020 to over 73% of attacks in Q2 2021. While we can’t be certain, this is likely due to the fact that once criminals have access to an internal email account, they can use that account to launch more dangerous and more targeted emails.

Vendor Email Compromise Rises to Highest Level Yet

Credential phishing may have increased in large part due to the prevalence of vendor email compromise—which rose for the fourth consecutive quarter. In order to commit vendor email compromise, threat actors must first gain access to a vendor account. From there, they can hijack existing conversations to send fraudulent invoices or update bank details.

When it comes to company size, vendor email compromise tends to target larger organizations, with those over 20,000 employees having the highest probability of receiving a VEC attack. Organizations under 5,000 employees experience VEC attacks only once every five weeks, but that number shoots up to nearly every other week for organizations over 20,000 employees. This could be because these larger organizations have more vendors and thus more opportunities for compromise.

chances of vendor email compromise by org size

And let’s not forget the main event—business email compromise. This attack type grew by an additional 22% over the last half. After a relatively slow start to the year with a median of only .2 campaigns per 1,000 mailboxes, we saw a significant rise in attacks as threat actors came back from their winter holiday. It picked up in the spring, before spiking in mid-June, doubling in attack numbers and hitting its peak of .41 campaigns.

The success of BEC has much to do with the impersonation of known individuals—typically a trusted executive, colleague, or vendor. In fact, not much has changed over the past three quarters when it comes to employee and VIP impersonation, as cybercriminals continue to take advantage of unsuspecting employees.

That said, we’ve seen a significant decrease in the number of attacks that are impersonating random individuals, as those attacks dropped from 45% to 34% of all BEC attacks over the past two quarters. Where we did see the biggest increase is in impersonation of official brands and internal automated systems.

There was a 46% increase in spoofs of automated systems, with emails typically coming from aliases like IT Support or IT Help Desk. These generic emails encourage people to download additional software, click on a link, or enter information into an external website. Each method creates an opportunity for cybercriminals to gain access to internal accounts or organizational systems, from which they can launch further attacks.

A New Type of Email Security is Needed

All of the data points to continued increases in all types of advanced attacks—particularly those that can’t be detected by traditional security infrastructure. Because they typically lack traditional indicators of compromise, these attacks are difficult to detect and even harder to prevent. Once they reach inboxes, the last line of defense is your employees, who are prone to error when confronted with a socially-engineered email designed to take advantage of their emotions. And when attackers gain access to full email accounts through brute force attacks, they have the keys to the entire cloud kingdom in their hands.

While we anticipate that these attacks will continue to increase, both in volume and in repercussions, they can be stopped. With the right solution—one focused on understanding the normal to prevent the abnormal—you can ensure that your employees, and your entire organization, are protected from the most dangerous email threats.

Discover which attack types are trending in our Q3 2021 Email Threat Report.


Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 05 17 22 Impersonation Attack
See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses to coerce victims to pay fraudulent vendor invoices.
Read More
B 05 14 22 Best Workplace
We are over the moon to announce Abnormal has been named one of Inc. Magazine's Best Workplaces of 2022! Learn more about our commitment to our workforce.
Read More
B 05 13 22 Spring Product Release
This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.
Read More
B 05 11 22 Champion Finalist
Abnormal has been selected as a Security Customer Champion finalist in the Microsoft Security Excellence Awards! Here’s a look at why.
Read More
Blog series c cover
When we raised our Series B funding 18 months ago, I promised our customers greater value, more capabilities, and better customer support. We’ve delivered on each of those promises and as we receive an even larger investment, I’m excited about how we can continue to further deliver on each of them.
Read More
B 05 09 22 Partner Community
It’s an honor to be named one of CRN’s 2022 Women of the Channel. Here’s why I appreciate the award and what I love about being a Channel Account Manager at Abnormal.
Read More
B 05 05 22 Fast Facts
Watch this short video to learn current trends and key issues in cloud email security, including how to protect your organization against modern threats.
Read More
B 05 03 22
Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.
Read More
B 04 28 22 8 Key Differences
At Abnormal, we pride ourselves on our excellent machine learning engineering team. Here are some patterns we use to distinguish between effective and ineffective ML engineers.
Read More
B 04 26 22 Webinar Re Replacing Your SEG
Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
Read More
Blog mitigate threats cover
Learn about the most common socially-engineered attacks and why these tactics are still so successful—despite a growing awareness from employees.
Read More
B Podcast Engineering8
In episode 8 of Abnormal Engineering Stories, Kevin interviews Saminda Wijegunawardena, an engineering leader who is no stranger to fast-growing enterprise startups.
Read More