Threatlist: Email Attacks Surge, Targeting Execs

There was a 36 percent increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most business email compromise (BEC) attempts, according to a new report.

Non-management and low-level management employees are most often targeted inside organizations: They accounted for 60 percent of highly targeted malware and credential phishing attacks. However, according to the “Protecting People” report from Proofpoint, analyzing customer attack data gathered April through June 2018.  Executives, on the other hand, only received 23.5 percent and 5.2 percent of targeted attacks, respectively.

Email attacks surged in some categories.

However, this still “a disproportionately large share of attacks” for upper management, given how few executives there are compared the total workforce.

“With information about employees widely and freely available, they can find multiple ways inside your environment,” according to the report.

Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter. Most companies were targeted at least once.

Ransomware rebounded in the summer.

Ransomware rebounded, accounting for nearly 11 percent percent of the total malicious email volume after falling sharply in previous quarters from its top 2017 perch.

“By its nature, email fraud targets specific companies and recipients. It works by impersonating someone the recipient knows and trusts. The attacker may request a wire transfer or sensitive information. In either case, the order looks like an everyday business request.”

Some industries saw triple-digit increases from a year ago. The average number of email fraud attacks against automotive companies soared more than 400 percent. Education-related attacks jumped 250 percent.

Further, more than 65 percent of companies targeted by email fraud had the identities of more than five employees spoofed. That’s more than triple the proportion in the year-ago quarter, suggesting that fraudsters are getting more creative and finding new ways to target victims.

And finally, domain fraud, where attackers use “lookalike domains” to establish trust and carry out email fraud, credential phishing, counterfeiting and more, disproportionately affect U.S. consumers, the report found. Nearly two-thirds of targeted companies saw some level of abuse of their domains, including fraudsters sending attacks that spoofed the recipient’s own employer.

Also, nearly a quarter (23 percent) of suspicious domains that imitate top U.S. brands have active MX records, meaning they can send fraudulent emails to unsuspecting customers and employees.