
The Rise of Social Engineering Success: What CISOs Need to Know

The email threat landscape is evolving fast. Discover the new tactics cybercriminals are using and how to reduce your risk of falling victim to these modern email attacks.

April 19, 2022

While traditional email security tools may be able to prevent the overwhelming majority of spam messages, phishing attempts, and other deceptive emails from ever reaching your inbox, these aren’t the only types of threats you need to worry about.

The truth is, targeted attacks—like business email compromise, supply chain fraud, ransomware, and account takeover—have greater potential to cause disastrous consequences for your company, despite the fact that you receive far fewer of them. And because they have few traditional indicators of compromise (like a malicious attachment or suspicious link), they also have a higher likelihood of being safely delivered.

As part of a recent webinar, I sat down with one of the leading voices in cybersecurity to talk about this evolving threat landscape. Here’s what you need to know about it and which steps every business can (and should) take to reduce the risk of falling victim to these modern email attacks.

Email Is Still the Primary Attack Vector

Although real-time collaboration tools like Slack and Microsoft Teams have skyrocketed in popularity over the past two years, email remains the go-to channel for asynchronous communication. And because our universal dependence on email is unlikely to end anytime soon, it will continue to be an attractive vehicle for cyberattacks.

Because they provide access to individuals at companies anywhere in the world, email attacks are highly lucrative. The recent FBI IC3 report shows that losses from business email compromise continue to increase, costing organizations $2.4 billion last year, and our research shows that the average supply chain compromise attack costs an organization more than $180,000.

In addition, cybercriminals are successful in their account compromise attempts 12% of the time, enabling them to access and use real user accounts to run their attacks. These stats indicate the severity of the problem and showcase the fact that it isn’t going away anytime soon.

Traditional Indicators of Compromise Are Becoming Obsolete

Unlike attacks of the past, modern cybercriminals don’t have to compromise their victims’ existing infrastructure to execute their attacks. Instead, they have the resources to build their own infrastructure, which is more reliable than a hijacked system and can support attacks that bypass the secure email gateway. These infrastructures can even be quickly adapted to attack certain targets.

Further, while business email compromise may appear to be less sophisticated than designing and installing malicious software, it’s often a more effective approach because the technology wasn’t developed to stop these kinds of attacks. By removing malicious attachments and suspicious links and instead relying entirely on text-based communication, it’s easier for threat actors to circumvent conventional security measures.

In essence, modern cybercriminals have learned how to hack the human, rendering the tools that look only for traditional indicators of compromise nearly obsolete.

Modern Tactics Focus On Compromising People, Not Just Hardware

Threat actors have started to move away from tricking targets into downloading infected attachments or clicking on malicious links. Rather, they’re focusing on triggering an emotional response—most often urgency or worry—via social engineering.

Recently, we’ve seen a resurgence of conversation hijacking, a type of attack that is less of an all-out assault and more of a slow play. Threat actors will first gain access to an employee’s credentials through a credential phishing attack and then enter their inbox and browse through their messages until they find the right opportunity to “take over” an existing conversation. Once they’ve found that opportunity, they then reply to a thread with a request for sensitive data or payment for a nonexistent invoice.

Conversation hijacking capitalizes on our innate desire to be cooperative and assume positive intent. When we receive an email from a colleague or partner asking for assistance of some kind, generally our first instinct is to be helpful, not suspicious—exactly what attackers are banking on. Consequently, understanding when an account has been compromised and then blocking these attacks before your employees can respond to them is fundamental to minimizing your organization’s risk.

Social Engineering Attacks Can Be Exceptionally Costly

What makes account takeovers particularly pernicious is that once a cybercriminal manages to get through the door, they can fly under the radar for months. Sitting in the background undetected, they can obtain untold volumes of valuable data about the company and its customers, which they can then sell or leverage for future attacks.

Or, in the case of vendor fraud, the perpetrators can take advantage of recurring payments to collect considerable sums of money. A colleague of mine shared the story of one retailer who paid millions of dollars worth of fraudulent invoices after an attacker created a fake supplier profile in the retailer’s inventory management system. For more than six months, the cybercriminals successfully received payment for fake orders until the company finally realized what was happening.

What’s worse is that in some cases, the fraudsters don’t even have to access the account, instead relying on domain spoofing or display name deception to run their scams.
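As an added illustration (not code from this post or from Abnormal's product), the sketch below flags the two no-account-access tricks named above by checking a message's From header against a directory of known senders. The directory, names, and domains are constructed placeholders, and the edit-distance threshold of 2 is an assumption.

```python
from email.utils import parseaddr

# Constructed directory: normalized display name -> legitimate address.
KNOWN_SENDERS = {
    "dana whitfield": "dana.whitfield@example.com",
    "acme supplies billing": "billing@acme-supplies.example",
}
KNOWN_DOMAINS = {a.rpartition("@")[2] for a in KNOWN_SENDERS.values()}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def from_header_findings(header):
    """Return a sorted list of findings for one From header value."""
    name, addr = parseaddr(header)
    name = " ".join(name.lower().split())  # normalize case and whitespace
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # A trusted display name paired with an address we do not expect for it.
    expected = KNOWN_SENDERS.get(name)
    if expected is not None and addr != expected:
        findings.append("display_name_deception")
    # A domain that is close to, but not exactly, one we do business with.
    if domain not in KNOWN_DOMAINS and any(
        edit_distance(domain, d) <= 2 for d in KNOWN_DOMAINS
    ):
        findings.append("lookalike_domain")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample headers.
    for h in (
        '"Dana Whitfield" <dana.whitfield@example.com>',
        '"Dana Whitfield" <dana.whitfield.ceo@freemail.test>',
        '"Acme Supplies Billing" <billing@acme-suplies.example>',
    ):
        print(h, "->", from_header_findings(h))
```

A message that forges the exact legitimate domain passes both checks here; that case is what SPF, DKIM, and DMARC evaluation is for.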

Threat Monitoring and Quick Responses Are Essential

Unfortunately, when it comes to mitigating attacks, the odds are stacked against the average business. A cybercriminal only has to succeed once to cause long-term damage, which is incredibly scary given the fact that large enterprises can have hundreds of millions of email accounts.

While organizations should have a layered approach to stopping these attacks, attempting to eliminate all fraudulent activity is an exercise in futility.

Any moderately sized organization will have to endure at least one (if not multiple) attacks per day. What sets the victims apart from the companies who simply experience intrusions, however, is that the latter are actively searching for fraudulent activity. They understand that the be-all, end-all of information security isn’t only to keep the bad actors out, but to be able to respond quickly and quash any threats once they’ve been identified, should they bypass security infrastructure.

CISOs at these organizations prioritize both the prevention of successful attacks and the identification and immediate remediation of intrusions. Their systems focus on responding quickly to contain the issue and minimize any losses. And they recognize that people are the last line of defense, ensuring that employees understand the risk through security awareness training.

Protect Your Organization by Modernizing Your Email Security

The vast majority of cybercrime today is successful because it hijacks the people behind the keyboard. The best thing you can do is to stop these attacks before they reach them, and the most effective way to do that is to use a behavioral-based approach that evaluates identity, context, and content to establish known good and block the messages that deviate from it.

Abnormal Security helps you keep your business safe by preventing high-impact targeted attacks. Check out our Gartner Peer Reviews to see why organizations worldwide trust our cloud-native email security platform to protect them from the attacks that matter most.

