"Threat Actors Increasingly Use Third Parties to Run Their Scams"

Abnormal Security discovered that in January 2022, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations each month since. The researchers noted that in May 2022, external, third-party impersonation made up 52% of all BEC attacks seen by Abnormal, while internal impersonation fell to 48% of all attacks. Just one year prior, internal impersonation accounted for 60% of all attacks, marking a 30% year-over-year increase in third-party impersonation. The researchers stated that financial supply chain compromise is a subset of business email compromise in which cybercriminals take advantage of known or unknown third-party relationships to launch sophisticated attacks. The attackers' goal is to use the legitimacy of the vendor name to trick an unsuspecting employee into paying a fraudulent invoice, changing billing account details, or providing insight into other customers to target. The researchers noted that these tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice. According to the FBI, business email compromise has exposed organizations to $43 billion in losses over the past six years, and real losses continue to grow year over year, making up 35% of all losses to cybercrime in 2021 alone.

 

Help Net Security reports: "Threat Actors Increasingly Use Third Parties to Run Their Scams"

Submitted by Anonymous on