B 05 08 23 MKT006 Rise of Israel Based BEC Attacks R2

Threat Reports

A recent study uncovered the emergence of an Israel-based threat group that launches sophisticated, multistage BEC attacks targeting global enterprises.

Exploring the Rise of Israel-Based BEC Attacks

Business Email Compromise

B 07 20 22 Devastating

Webinars

Business email compromise (BEC) is no joke, and it continues to increase—despite increased awareness of the issue. Learn about the future of BEC attacks in this on-demand webinar.

The Devastating Impact of Business Email Compromise

H1 threat report cover

From June-December 2021, Abnormal Security discovered that nearly all types of advanced email attacks grew  in frequency, with a new trend of phone fraud using email as the first contact.

H1 2022: Fraudsters Use Email in Phone Scams, Targeting 89% of Organizations

Email Security

Supply Chain Compromise

Webinar hacking tobac cover

Rachel Tobac talked to Abnormal Security's CISO Mike Britton about hacking, social engineering attacks, and how to protect your organization.

CISO Fireside Chat: Hacking and Cybersecurity in a New Era

B 04 20 23 CISO guide to BEC

White Papers

See why business email compromise is the most significant cybersecurity threat to organizations and how to protect your employees from these attacks.

CISO Guide to Business Email Compromise

Resource Center: From CEO Fraud to Vendor Fraud: The Shift to Financial Supply Chain Compromise

B 1500x1500 MKT006 09 01 23 CISO Kit to Replace Your SEG

Tools

Discover why traditional secure email gateways are no longer sufficient protection from modern attacks in this kit full of multiple resources.

CISO Kit for Replacing Your SEG

B 08 01 23 MKT324 H2 2023 Email Threat Report

The latest threat report shows that 37.5% of all applications request high-risk permissions—putting your email environment in danger.

H2 2023 - Applications Abound:  Average Organization Now Integrates 379 Third-Party Applications with Email

B 1500x1500 CISO Guide to Generative AI Attacks

Discover how cybercriminals use generative AI tools like ChatGPT to create more effective email attacks and how to protect your organization from them.

CISO Guide to Generative AI Attacks

B 06 20 23 MKT326 Human VS Chat GPT

See how generative AI is changing the threat landscape by determining if these email attacks are created by a human or by ChatGPT.

Quiz: Human or ChatGPT?

Template - Resource Center

Schedule a Demo

Resource Center

Abnormal Recognized as Customers' Choice for Email Security

chakra-ui-ChakraProvider

Button

Container

DemoBlade

Screen

VsMimecast

FormLayouts

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

Abnormal Marketing

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

antd5 hostless

react-slick

For years, executives were the go-to impersonated party in business email compromise (BEC) attacks. Recently, however, attackers have adjusted their strategies—opting to impersonate third-party vendors and suppliers instead.
In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time. This trend has continued each month since, with third-party impersonations making up 52% of all BEC attacks in May 2022. 
Download the threat intelligence report for valuable insight into financial supply chain compromise, including:
<ul><li dir="ltr">What the four types of supply chain compromise look like</li><li dir="ltr">How threat actors impersonate vendors in two specific ways</li><li dir="ltr">Why BEC attacks impersonating executives have decreased 17% year-over-year</li></ul>

You can <a href="https://cdn2.assets-servd.host/gifted-zorilla/production/files/From-CEO-Fraud-to-Vendor-Fraud-The-Shift-to-Financial-Supply-Chain-Compromise.pdf?dm=1675097606" target="_blank" rel="noreferrer noopener">download the report here</a> or read the Executive Summary below. To claim your (ISC)² CPE credit, please fill out <a href="https://docs.google.com/forms/d/e/1FAIpQLSeXpNB-pZ-mhmRUQCxme-d5JCj_4lDYyxVyRHiDBb2ypV5xfQ/viewform" target="_blank" rel="noreferrer noopener">this form</a>.

Since its initial identification in 2013, business email compromise (BEC) has been dominated by executive impersonation. But over the past few years, attackers have adjusted their strategies—opting to impersonate third-party vendors and suppliers instead. In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time. This trend has continued each month since, with third-party impersonations making up 52% of all BEC attacks in May 2022.

Trend of Internal vs External BEC Impersonation Attacks

We’ve seen this shift to what we’ve termed financial supply chain compromise for a number of reasons, most notably because it gives threat actors a plethora of additional trusted identities to exploit. Even the smallest businesses likely work with at least one vendor, and larger companies have supplier numbers in the hundreds or thousands. And while the average employee has some level of familiarity with the company’s executive team, they may not have that same awareness of the organization’s entire vendor ecosystem—particularly in larger enterprises. Further, the vendor-customer dynamic has an intrinsic financial aspect to it, which means emails requesting payments or referencing bank account changes are less likely to raise red flags.
All of these factors combine to make a perfect environment for exploiting end user trust, typically in one of four ways.
<ul><li>Vendor email compromise, the most impactful form of financial supply chain attacks, utilizes the compromise of a supplier's mailbox to target their customers and divert funds from a legitimate business transaction.</li><li>Aging report theft starts with the impersonation of a vendor's executive, then uses outstanding payment information to target the supplier's customers and request that outstanding balances be paid to a new account.</li><li>Third-party reconnaissance attacks leverage open-source intelligence to understand the relationship between vendors and their customers, then use that information to attempt to redirect payments without actually having visibility into those transactions.</li><li>Blind third-party impersonation attacks have no direct insight into vendor-customer relationships or financial transactions and instead rely on the effectiveness of pure social engineering to be successful.</li></ul>
No matter which tactic threat actors use, the fact remains that this shift to financial supply chain compromise is an important milestone in the evolution from low-value, low-impact attacks like spam to high-value, high-impact attacks that can cost thousands of dollars. Abnormal research found that the average vendor email compromise attack costs $183,000, and the highest amount requested thus far was $2.1 million. All this goes to show us that advanced security measures are needed to protect against these evolving threats. Without them, it’s no longer a matter of if there will be a successful attack but instead when one will occur.

<h3><a href="https://cdn2.assets-servd.host/gifted-zorilla/production/files/From-CEO-Fraud-to-Vendor-Fraud-The-Shift-to-Financial-Supply-Chain-Compromise.pdf?dm=1675097606" target="_blank" rel="noreferrer noopener">View the report</a> to continue learning about this remarkable shift to vendor-focused cybercrime.</h3>

From CEO Fraud to Vendor Fraud The Shift to Financial Supply Chain Compromise

Abstract White Logo Closeup

Report fscc cover

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

For years, executives were the go-to impersonated party in BEC attacks. Now, threat actors are opting to impersonate vendors and suppliers instead.

The Shift to Financial Supply Chain Compromise

description

go-to, impersonated, party, business, email, opting, impersonate, vendors, executives, compromise, actors, suppliers, years, attacks, threat

keywords

https://optimise2.assets-servd.host/gifted-zorilla/production/images/resources/report-fscc-linkedin.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1675097778&s=c9032118f9bf1fde9e62fc0fbddf5187

https://abnormalsecurity.com/resources/financial-supply-chain-compromise

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/resources/report-fscc-twitter.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1675097778&s=febe622f48933c598af7821774904b92

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"The Shift to Financial Supply Chain Compromise | Abnormal"}}

For years, executives were the go-to impersonated party in business email compromise attacks. Now, threat actors are opting to impersonate vendors and suppliers instead.

From CEO Fraud to Vendor Fraud: The Shift to Financial Supply Chain Compromise

Download Now

See the Abnormal Solution to the Email Security Problem

Related Resources