
The Rise of Social Engineering Success: What CISOs Need to Know

The email threat landscape is evolving fast. Discover the new tactics cybercriminals are using and how to reduce your risk of falling victim to these modern email attacks.

April 19, 2022

While traditional email security tools may be able to prevent the overwhelming majority of spam messages, phishing attempts, and other deceptive emails from ever reaching your inbox, these aren’t the only types of threats you need to worry about.

The truth is, targeted attacks—like business email compromise, supply chain fraud, ransomware, and account takeover—have greater potential to cause disastrous consequences for your company, despite the fact that you receive far fewer of them. And because they have few traditional indicators of compromise (like a malicious attachment or suspicious link), they also have a higher likelihood of being safely delivered.

As part of a recent webinar, I sat down with one of the leading voices in cybersecurity to talk about this evolving threat landscape. Here’s what you need to know about it and which steps every business can (and should) take to reduce the risk of falling victim to these modern email attacks.

Email Is Still the Primary Attack Vector

Although real-time collaboration tools like Slack and Microsoft Teams have skyrocketed in popularity over the past two years, email remains the go-to channel for asynchronous communication. And because our universal dependence on email is unlikely to end anytime soon, it will continue to be an attractive vehicle for cyberattacks.

Because they provide access to individuals at companies anywhere in the world, email attacks are highly lucrative. The recent FBI IC3 report shows that losses from business email compromise continue to increase, costing organizations $2.4 billion last year, and our research shows that the average supply chain compromise attack costs an organization more than $180,000.

In addition, cybercriminals are successful in their account compromise attempts 12% of the time, enabling them to access and use real user accounts to run their attacks. These stats indicate the severity of the problem and showcase the fact that it isn’t going away anytime soon.

Traditional Indicators of Compromise Are Becoming Obsolete

Unlike attackers of the past, modern cybercriminals don’t have to compromise their victims’ existing infrastructure to execute their attacks. Instead, they have the resources to build their own infrastructure, which is more reliable than a hijacked system and can support attacks that bypass the secure email gateway. These infrastructures can even be quickly adapted to attack certain targets.

Further, while business email compromise may appear to be less sophisticated than designing and installing malicious software, it’s often a more effective approach because traditional email security technology wasn’t developed to stop these kinds of attacks. By removing malicious attachments and suspicious links and relying entirely on text-based communication, threat actors can more easily circumvent conventional security measures.

In essence, modern cybercriminals have learned how to hack the human, rendering the tools that look only for traditional indicators of compromise nearly obsolete.

Modern Tactics Focus On Compromising People, Not Just Hardware

Threat actors have started to move away from tricking targets into downloading infected attachments or clicking on malicious links. Rather, they’re focusing on triggering an emotional response—most often urgency or worry—via social engineering.

Recently, we’ve seen a resurgence of conversation hijacking, a type of attack that is less of an all-out assault and more of a slow play. Threat actors will first gain access to an employee’s credentials through a credential phishing attack and then enter their inbox and browse through their messages until they find the right opportunity to “take over” an existing conversation. Once they’ve found that opportunity, they then reply to a thread with a request for sensitive data or payment for a nonexistent invoice.

Conversation hijacking capitalizes on our innate desire to be cooperative and assume positive intent. When we receive an email from a colleague or partner asking for assistance of some kind, generally our first instinct is to be helpful, not suspicious—exactly what attackers are banking on. Consequently, understanding when an account has been compromised and then blocking these attacks before your employees can respond to them is fundamental to minimizing your organization’s risk.

Social Engineering Attacks Can Be Exceptionally Costly

What makes account takeovers particularly pernicious is that once a cybercriminal manages to get through the door, they can fly under the radar for months. Sitting in the background undetected, they can obtain untold volumes of valuable data about the company and its customers, which they can then sell or leverage for future attacks.

Or, in the case of vendor fraud, the perpetrators can take advantage of recurring payments to collect considerable sums of money. A colleague of mine shared the story of one retailer who paid millions of dollars worth of fraudulent invoices after an attacker created a fake supplier profile in the retailer’s inventory management system. For more than six months, the cybercriminals successfully received payment for fake orders until the company finally realized what was happening.

What’s worse is that in some cases, the fraudsters don’t even have to access the account, instead relying on domain spoofing or display name deception to run their scams.

Threat Monitoring and Quick Responses Are Essential

Unfortunately, when it comes to mitigating attacks, the odds are stacked against the average business. A cybercriminal only has to succeed once to cause long-term damage, which is incredibly scary given the fact that large enterprises can have hundreds of millions of email accounts.

While organizations should have a layered approach to stopping these attacks, attempting to eliminate all fraudulent activity is an exercise in futility.

Any moderately sized organization will have to endure at least one attack per day, if not several. What sets the victims apart from the companies that simply experience intrusions, however, is that the latter are actively searching for fraudulent activity. They understand that the be-all and end-all of information security isn’t only to keep the bad actors out, but also to respond quickly and quash any threats that bypass the security infrastructure once they’ve been identified.

CISOs at these organizations prioritize both the prevention of successful attacks and the identification and immediate remediation of intrusions. Their systems focus on responding quickly to contain the issue and minimize any losses. And they recognize that people are the last line of defense, using security awareness training to ensure that employees understand the risk.

Protect Your Organization by Modernizing Your Email Security

The vast majority of cybercrime today is successful because it hijacks the people behind the keyboard. The best thing you can do is to stop these attacks before they reach your people, and the most effective way to do that is to use a behavioral-based approach that evaluates identity, context, and content to establish known good and block the messages that deviate from it.

Abnormal Security helps you keep your business safe by preventing high-impact targeted attacks. Check out our Gartner Peer Reviews to see why organizations worldwide trust our cloud-native email security platform to protect them from the attacks that matter most.
