A new report out today from managed cybersecurity services company Arctic Wolf Networks Inc. finds a significant increase in business email compromise attacks, with 70% of all organizations reportedly targeted by BEC attacks in the last 12 months.

The 2024 Arctic Wolf Trends report, based on a survey of its customers and internal data, found that though artificial intelligence-based attacks are gaining a lot of attention when it comes to malicious attacks, they are not driving the most breaches globally. According to Arctic Wolf, BEC attacks continue to be the most prevalent form of attack.

BEC attacks involve hackers gaining access to a business email account to deceive and defraud organizations, often leading to significant financial losses. The attacks are highly prevalent and sophisticated, making them a top threat in the cybersecurity landscape.

Along with noting that 70% of all organizations had been targeted by a BEC attack at least once in the previous 12 months, 25% of Arctic Wolf Incident Response engagements in the first quarter of 2024 involved BEC. Of those, finance was the most affected industry, followed closely by the construction industry.

One of the best ways to protect against BEC attacks is multifactor authentication, and the report noted that companies are starting to get the MFA message. Of the Arctic Wolf BEC engagements in the first quarter, only 25% of companies and organizations targeted were not using MFA, down from 58% in 2023.

The report does note, however, that actually enforcing identity management measures, rather than purchasing and then “setting and forgetting” them, is still an essential step. It’s suggested that this take — putting MFA in place but then not establishing enforcement and protocols — could be the reason for the other 75% of all BEC engagements.

The report also dives into several likely reasons why MFA attacks are still occurring. Some threat actors were found to be using “phishing kits” that spoof a legitimate login page, fooling their target into entering their credentials. The credentials are then forwarded to the actual login page, triggering an MFA prompt that the phishing site forwards to the victim, who fills that out as well –– granting the threat actor access to the targeted service.

Other techniques to work around MFA include MFA fatigue attacks, where attackers send a flood of login attempts in the hope that a user will click “accept” at least once.

The report makes several recommendations on how companies should address BEC attacks, such as adopting a multilayered approach. Such an approach should include enforcing robust identity controls such as MFA and passwordless authentication techniques, along with advanced detection tools that integrate with email services to monitor and analyze unusual login behaviors.

Additionally, Arctic Wolf recommends that organizations undertake regular and engaging security awareness training for employees is crucial to mitigate human error, which continues to be a significant vulnerability. Companies should also ensure that security measures are not just implemented but also actively enforced, with continuous monitoring and updates to adapt to evolving threats.

Image: SiliconANGLE/Dall-E 3