BEC scams & banking trojans now organisations' biggest cyber-threats

News by Jay Jay

BEC scams and other social engineering attacks more than doubled in Q4 2018 compared to the previous quarter, while ransomware fell to just 0.1 percent of all email-based threats in Q4.

While millions of smartphone users and other technologically-active individuals need to guard against an alarming rise in the dissemination of banking trojans across the globe, organisations particularly need to stay on guard against BEC scams and other social engineering attacks which more than doubled in Q4 2018 compared to the previous quarter.

In its Quarterly Threat Report for Q4 2018, security firm Proofpoint noted an alarming rise in the use of banking trojans by cyber-criminals to target millions of people, especially those using online banking and mobile banking apps, and also social engineering tricks employed by criminals to trick employees at almost every organisation.

The firm noted that up to 56 percent of all malicious payloads delivered through email in the quarter were banking trojans, which outnumbered other malware such as remote access trojans, downloaders, and stealers. Ransomware, which was once the weapon of choice for criminals across the globe, formed just 0.1 percent of all email-based threats in Q4.

The shift is quite significant, considering that banking trojans overtook ransomware as the top malicious payload distributed through email only a year ago. The use of Remote Access Trojans (RATs) that defeat anti-malware protections installed in targeted systems also saw healthy growth, forming over eight percent of all malicious payloads that were delivered through email, up from just 0.04 percent in Q4 2017.

Aside from banking trojans (a majority of them being variants of Emotet) and RATs, cyber-criminals also used credential stealers (17 percent) and downloaders (17 percent) in one in every three attempts to infect targeted devices and steal credentials.

"Although Panda Banker appeared in multiple relatively large campaigns in October, EMOTET predominated for the remainder of the month, as it has for much of 2018. Banking Trojans are increasingly versatile tools employed by threat actors for delivering secondary payloads, mining cryptocurrency and collecting a range of user data beyond the banking credentials often associated with this type of malware," Proofpoint noted.

The firm also observed a worrying rise in business email compromise (BEC) attacks targeting organisations and tricking employees into sending money or sensitive enterprise information to criminals masquerading as top executives or third-party firms. While the total number of BEC attacks went up by 226 percent between Q3 and Q4, the number of fraud emails received by an average organisation rose from just 36 in Q3 to 120 in Q4, representing a rise of 476 percent.

Aside from spoofing identities of CEOs and senior management employees, cyber-criminals also spoofed domains of up to 60 percent of all organisations to trick employees or firms that formed the supply chain of major organisations.

"BEC fraud is an attack vector on the up. Cyber-criminals appear to be discovering the reality that as opposed to engaging with ‘wide-net’ phishing campaigns, they can save time and energy in researching one individual within a business such as a member of the finance or HR teams, and sending them a targeted email that they would feel remiss not to engage with, such a message from the CEO or a member of the C-suite," Corin Imai, senior security advisor at DomainTools told SC Magazine UK.

"Sites such as LinkedIn make this incredibly easy to achieve, allowing a threat actor to research members of staff in an organisation with a few clicks. To avoid the exponential growth of these scams continuing, businesses need to engage in robust training and awareness campaigns with staff, as well as investing in an email filtering system which is regularly audited and updated," she added.

According to Proofpoint, cyber-criminals have also upped their use of "social media support fraud" that involves attackers inserting themselves in legitimate conversations between consumers and brand-owned social media accounts.

Instances of social media fraud rose by about 40 percent in Q4 compared to the previous quarter and the number of social media accounts used by cyber-criminals for 'angler phishing' also rose by over 500 percent in the entire year.
