The Rise of Social Engineering Success: What CISOs Need to Know

The email threat landscape is evolving fast. Discover the new tactics cybercriminals are using and how to reduce your risk of falling victim to these modern email attacks.
April 19, 2022

While traditional email security tools may be able to prevent the overwhelming majority of spam messages, phishing attempts, and other deceptive emails from ever reaching your inbox, these aren’t the only types of threats you need to worry about.

The truth is, targeted attacks—like business email compromise, supply chain fraud, ransomware, and account takeover—have greater potential to cause disastrous consequences for your company, despite the fact that you receive far fewer of them. And because they have few traditional indicators of compromise (like a malicious attachment or suspicious link), they also have a higher likelihood of being safely delivered.

As part of a recent webinar, I sat down with one of the leading voices in cybersecurity to talk about this evolving threat landscape. Here’s what you need to know about it and which steps every business can (and should) take to reduce the risk of falling victim to these modern email attacks.

Email Is Still the Primary Attack Vector

Although real-time collaboration tools like Slack and Microsoft Teams have skyrocketed in popularity over the past two years, email remains the go-to channel for asynchronous communication. And because our universal dependence on email is unlikely to end anytime soon, it will continue to be an attractive vehicle for cyberattacks.

Because they provide access to individuals at companies anywhere in the world, email attacks are highly lucrative. The recent FBI IC3 report has shown that loss from business email compromise continues to increase, costing organizations $2.4 billion last year, and our research shows that the average supply chain compromise attack costs an organization more than $180,000.

In addition, cybercriminals are successful in their account compromise attempts 12% of the time, enabling them to access and use real user accounts to run their attacks. These stats indicate the severity of the problem and showcase the fact that it isn’t going away anytime soon.

Traditional Indicators of Compromise Are Becoming Obsolete

Unlike attacks of the past, modern cybercriminals don’t have to compromise their victims’ existing infrastructure to execute their attacks. Instead, they have the resources to build their own infrastructure, which is more reliable than a hijacked system and can support attacks that bypass the secure email gateway. These infrastructures can even be quickly adapted to attack certain targets.

Further, while business email compromise may appear less sophisticated than designing and installing malicious software, it is often the more effective approach, because conventional email security technology was never designed to stop these kinds of attacks. By dropping malicious attachments and suspicious links and relying entirely on text-based communication, threat actors make it easier for their messages to slip past conventional security measures.

In essence, modern cybercriminals have learned how to hack the human, rendering the tools that look only for traditional indicators of compromise nearly obsolete.

Modern Tactics Focus On Compromising People, Not Just Hardware

Threat actors have started to move away from tricking targets into downloading infected attachments or clicking on malicious links. Rather, they’re focusing on triggering an emotional response—most often urgency or worry—via social engineering.

Recently, we’ve seen a resurgence of conversation hijacking, a type of attack that is less of an all-out assault and more of a slow play. Threat actors will first gain access to an employee’s credentials through a credential phishing attack and then enter their inbox and browse through their messages until they find the right opportunity to “take over” an existing conversation. Once they’ve found that opportunity, they then reply to a thread with a request for sensitive data or payment for a nonexistent invoice.

Conversation hijacking capitalizes on our innate desire to be cooperative and assume positive intent. When we receive an email from a colleague or partner asking for assistance of some kind, generally our first instinct is to be helpful, not suspicious—exactly what attackers are banking on. Consequently, understanding when an account has been compromised and then blocking these attacks before your employees can respond to them is fundamental to minimizing your organization’s risk.

Social Engineering Attacks Can Be Exceptionally Costly

What makes account takeovers particularly pernicious is that once a cybercriminal manages to get through the door, they can fly under the radar for months. Sitting in the background undetected, they can obtain untold volumes of valuable data about the company and its customers, which they can then sell or leverage for future attacks.

Or, in the case of vendor fraud, the perpetrators can take advantage of recurring payments to collect considerable sums of money. A colleague of mine shared the story of one retailer who paid millions of dollars worth of fraudulent invoices after an attacker created a fake supplier profile in the retailer’s inventory management system. For more than six months, the cybercriminals successfully received payment for fake orders until the company finally realized what was happening.

What’s worse is that in some cases, the fraudsters don’t even have to access the account, instead relying on domain spoofing or display name deception to run their scams.

Threat Monitoring and Quick Responses Are Essential

Unfortunately, when it comes to mitigating attacks, the odds are stacked against the average business. A cybercriminal only has to succeed once to cause long-term damage, which is incredibly scary given the fact that large enterprises can have hundreds of millions of email accounts.

While organizations should have a layered approach to stopping these attacks, attempting to eliminate all fraudulent activity is an exercise in futility.

Any moderately sized organization will have to endure at least one (if not multiple) attacks per day. What sets the victims apart from the companies that simply experience intrusions, however, is that the latter are actively searching for fraudulent activity. They understand that the be-all, end-all of information security isn’t only to keep the bad actors out, but to respond quickly and quash any threats once they’ve been identified, should they bypass the security infrastructure.

CISOs at these organizations prioritize both the prevention of successful attacks and the identification and immediate remediation of intrusions. Their systems focus on responding quickly to contain the issue and minimize any losses. And they recognize that people are the last line of defense, ensuring that employees understand the risk through security awareness training.

Protect Your Organization by Modernizing Your Email Security

The vast majority of cybercrime today is successful because it hijacks the people behind the keyboard. The best thing you can do is to stop these attacks before they reach them, and the most effective way to do that is to use a behavioral-based approach that evaluates identity, context, and content to establish known good and block the messages that deviate from it.
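As an added illustration (not code from the original post or from Abnormal's product), the snippet below shows the "known good" idea in miniature for two of the tactics described above, display name deception and domain spoofing: a constructed baseline maps each trusted display name to the address it normally sends from, and a From: header is flagged when the identity it claims deviates from that baseline. The baseline, homoglyph table and sample headers are all assumptions built for this example.

```python
from email.utils import parseaddr

# Constructed baseline (an assumption for this example): display name -> the
# address that name is known to send from. A real deployment would learn this
# "known good" from historical mail flow rather than a hard-coded table.
KNOWN_GOOD = {
    "Jane Doe": "jane.doe@example.com",
    "Acme Billing": "ap@acme-supplier.example",
}

# Cheap lookalike tricks seen in spoofed domains: digit-for-letter swaps and
# inserted hyphens/underscores. None deletes the character.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "-": None, "_": None})


def normalize(domain):
    """Collapse lookalike tricks so 'acme-supp1ier.example' compares equal
    to 'acme-supplier.example'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def classify(from_header):
    """Return a list of findings for one From: header; empty means no deviation."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip(), addr.lower()
    if "@" not in addr:
        return ["unparseable From header"]
    domain = addr.rsplit("@", 1)[1]
    findings = []
    # Identity check: a display name we know, arriving from an address we do not.
    trusted = KNOWN_GOOD.get(name)
    if trusted and addr != trusted:
        findings.append(f"display name deception: '{name}' expected from {trusted}, got {addr}")
    # Domain check: a lookalike of any trusted domain, whatever the display name says.
    for trusted_domain in {a.rsplit("@", 1)[1] for a in KNOWN_GOOD.values()}:
        if domain != trusted_domain and normalize(domain) == normalize(trusted_domain):
            findings.append(f"lookalike domain: {domain} imitates {trusted_domain}")
    return findings


# Constructed sample headers: one legitimate, one name spoof, one lookalike, one unknown.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@freemail.example>",
    "Acme Billing <ap@acme-supp1ier.example>",
    "Support <help@other.example>",
]


def scan(headers=SAMPLE_HEADERS):
    """Map each header to its findings so a reviewer can see what deviated and why."""
    return {h: classify(h) for h in headers}
```

Unknown senders produce no finding on their own; the check only fires when a message claims an identity the baseline already knows and then contradicts it.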

Abnormal Security helps you keep your business safe by preventing high-impact targeted attacks. Check out our Gartner Peer Reviews to see why organizations worldwide trust our cloud-native email security platform to protect them from the attacks that matter most.
