2023 Verizon Data Breach Investigations Report Recap: Socially-Engineered BEC Attacks Doubled Over the Past Year
Business email compromise (BEC) continues to be a major security threat to organizations, with a reported loss of $2.7 billion in 2022 alone. This type of cybercrime happens when a threat actor impersonates a reliable source, usually an executive, colleague, supplier, or partner, in order to steal money or sensitive information. As these emails usually lack malicious links or attachments, they are hard to identify with traditional email security measures, making companies vulnerable to attack.
Socially-engineered BEC attacks, specifically, have seen a startling increase over the past few years. This trend is illustrated by Verizon’s 2023 Data Breach Investigations Report, which shows that BEC attacks have doubled over the past year—comprising nearly 60% of social engineering incidents. The report is based on an analysis of 16,312 security incidents and 5,199 breaches over the past year.
Here are just a few of the highlights surrounding BEC and social engineering as discovered by Verizon’s DBIR team.
Socially-Engineered BEC Attacks Are Increasing
Rather than relying on malicious software, social engineering attacks use deception and human interaction to gain access to confidential information and systems. Threat actors use false pretexts and manufactured urgency or implicit trust in an attempt to manipulate employees into taking an action or divulging sensitive data.
Social engineering incidents have increased dramatically year over year, primarily due to pretexting, a deception method commonly used in BEC attacks, in which a threat actor creates a false narrative (or pretext) to gain a person's trust and persuade them to reveal confidential information, download malicious software, or send fraudulent payments.
Verizon reports that BEC attacks have doubled since 2022 and the median amount stolen from these attacks is now more than $50,000. This is likely a result of previous success. Because traditional secure email gateways have trouble identifying and blocking these emails, cybercriminals are seeing success and thus doubling down on what is already working for them.
BEC attacks have nearly doubled since 2022, making up more than 50% of pretexting incidents.
Attackers Continue to Prey on the Human Element
When it comes to email threats, your workforce is your biggest liability. While employees must be accurate 100% of the time in identifying attacks, cybercriminals only need to find one distracted or untrained employee, and they understand this. The vast majority of data breaches occurring since 2021 have involved the human element in some form or another: human error, privilege misuse, use of stolen credentials, or social engineering. According to Verizon’s DBIR team, 74% of all breaches include the human element.
Recent Abnormal data confirms Verizon's findings. In 2022, the average open rate of text-based business email compromise (BEC) attacks was 28% and approximately 15% of the malicious emails that were read were replied to. That means that over a quarter of all attacks that make it to the inbox are actually read—making it more important than ever to block attacks before they reach your end users.
74% of all breaches include the human element.
Most Attackers Gain Access by Exploiting Stolen Credentials
Cybercriminals often rely on using stolen credentials and take advantage of known vulnerabilities to gain access to a company's network. Once they have a foothold, they are then able to access emails, steal code from repositories, and more. Although these measures may not be particularly complex, they are still highly effective—as evidenced by the steady presence of these types of attacks. This highlights the importance of implementing security measures such as multifactor authentication and patch management, as well as understanding your security posture across your email and email-like applications.
The three primary ways in which attackers access an organization are stolen credentials, phishing, and exploitation of vulnerabilities.
A Modern Solution to Prevent Socially-Engineered Attacks
As the data from the Verizon DBIR indicates, these attacks are becoming increasingly successful in taking advantage of existing relationships between the victim and their executives, coworkers, and partners. The rise in both volume and success shows how traditional email security tools are unable to detect and prevent these attacks, and that a more modern solution is needed.
Stopping BEC requires implementing a solution that can detect and interpret the thousands of signals available via an API, and then monitor them for key deviations from known-good behavior. Because these attacks have few indicators of compromise, like a malicious attachment or known bad domain, email security must shift to understand normal behavior and use that baseline to detect anomalous activity. After all, the focus on the human element shows that it is only by stopping BEC attacks from reaching inboxes that we can ensure our organizations remain secure.
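To make the baseline idea concrete, here is an added, deliberately small example (not Abnormal's engine and not code from the original post) that learns which addresses and domains a display name normally uses and lists how a new message deviates. The sample history, the three signals, and the 0.9 similarity threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed history of known-good mail: (From header, Reply-To header or None).
HISTORY = [
    ("Dana Reyes <dana.reyes@example-corp.test>", None),
    ("Dana Reyes <dana.reyes@example-corp.test>", None),
    ("Acme Billing <billing@acme-supplies.test>", "ar@acme-supplies.test"),
]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def build_baseline(history):
    """Map each display name to the addresses seen for it; collect known domains."""
    names, domains = defaultdict(set), set()
    for from_hdr, reply_to in history:
        name, addr = parseaddr(from_hdr)
        names[name.lower()].add(addr.lower())
        domains.add(domain(addr))
        if reply_to:
            domains.add(domain(parseaddr(reply_to)[1]))
    return names, domains

def deviations(from_hdr, reply_to, baseline):
    """Return the ways a message departs from the known-good baseline."""
    names, domains = baseline
    name, addr = parseaddr(from_hdr)
    addr, dom, found = addr.lower(), domain(addr), []
    # Familiar name arriving from an address never used by that name before.
    if name.lower() in names and addr not in names[name.lower()]:
        found.append("known display name, new address")
    # Unseen domain that is nearly identical to a known one (assumed threshold 0.9).
    if dom not in domains and any(
        SequenceMatcher(None, dom, d).ratio() >= 0.9 for d in domains
    ):
        found.append("lookalike of a known domain")
    # Replies would leave the sender's domain for one never seen before.
    if reply_to:
        rdom = domain(parseaddr(reply_to)[1])
        if rdom != dom and rdom not in domains:
            found.append("Reply-To diverts to an unseen domain")
    return found
```

None of the three signals depends on a link, attachment, or blocklisted domain, which is why a plain-text BEC message can still trip them.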
Abnormal Security offers the leading behavioral AI-powered security platform utilizing machine learning to stop sophisticated inbound email threats like BEC and risky email platform attacks that evade traditional solutions. Our anomaly detection engine has the ability to combat social engineering attacks by comprehending identity and context to evaluate the danger of every cloud email occurrence, blocking inbound email threats, spotting compromised accounts, and handling emails in a flash – all while providing visibility into configuration changes in your environment.