CIO

Business email compromise attacks surge as ransomware trails off

Cybercriminals eyeing big-game targets, reviving remote-access Trojans and credential stealers

Growing success with business email compromise (BEC) attacks has spurred cybercriminals to redouble their efforts, with new figures showing that BEC volumes surged to record highs in the last quarter of 2018.

The number of such attacks – in which an attacker impersonates a trusted superior or co-worker in an effort to steal company funds – increased 226 percent from the previous quarter and 476 percent compared with the same period a year ago, according to the Q4 2018 Proofpoint Quarterly Threat Report.

The attacks have proven furiously successful, with the US FBI recently upgrading its estimate of total losses to BEC attacks to $US12.5 billion ($A17.61b).

Telecommunications companies were far and away the most common targets for BEC attacks, with transportation and education providers a distant second and third.

Banking Trojans were the top email-borne threat during the quarter, comprising 56 percent of all malicious payloads; of these, the Emotet Trojan was far and away the most common, comprising 76 percent of banking Trojans.

Emotet has been a concern for security researchers for some time, thanks in part to its worm-like design and a success rate that led security researcher Carlo Minassian to label it “the star atop the Christmas tree” and a major threat for 2019.

Proofpoint’s analysis – drawn from over 5 billion email messages and 250m malware samples daily – would seem to support Minassian’s predictions. Yet Emotet is only one of many email-borne threats facing corporates: in a quarter that the report’s authors said was “characterised by more even distribution of attack types”, the new figures paint a harrowing picture for companies working continuously to protect themselves from online fraud.

Apart from banking Trojans, the industry was also seeing a resurgence of remote-access Trojans, which accounted for 8.4 percent of all malicious payloads during the quarter – a “significant change from previous years, in which they were rarely used by crimeware actors”, the report notes.

Ransomware, similarly, had declined from being the darling of cybercriminals in 2017, dropping by the end of 2018 to the point where it comprised just 0.1 percent of overall malicious message volume (some analyses suggest this is because ransomware attacks are getting more sophisticated and better targeted).

By contrast, credential stealers or downloaders increased by over 230 percent year on year – reflecting, or perhaps contributing to, the flood of recent credential breaches that has seen over 2.2 billion credentials published online in recent weeks.

“It appears that threat actors were increasingly focused on the ability to compromise devices and remain resident for extended periods without detection,” the Proofpoint analysis noted, “unlike the highly destructive ransomware that characterized so many campaigns in 2016 and 2017.”