"Ransomware's ROI Retreat Will Drive More BEC Attacks"

Law enforcement crackdowns, tougher cryptocurrency laws, and the shutdown of Ransomware-as-a-Service (RaaS) operators are lowering the return on investment (ROI) for ransomware operations worldwide. Crane Hassold, a threat researcher at Abnormal Security, presented his latest analysis of the ransomware threat landscape at the RSA Conference, predicting that in the next 6 to 12 months, there will be a shift away from ransomware and toward renewed interest in basic Business Email Compromise (BEC) attacks. Ransomware attacks make headlines and have been boosted by a few prolific RaaS operators. However, focusing on taking down only one group might have a significant impact. Hassold pointed out that ransomware is a centralized ecosystem containing small numbers of operators responsible for most attacks. He cited Pysa's sudden absence, which left only two gangs, Conti and Lockbit, with more than half of the overall ransomware attacks in the first half of 2022. BEC organizations, on the other hand, are diffused and dispersed, making them considerably more difficult to destroy, according to Hassold. According to the FBI, BEC attacks have cost businesses more than $43 billion since 2016, accounting for $1 out of every $3 lost to cyberattacks, greatly exceeding ransomware losses. This article continues to discuss how RaaS operator crackdowns will drive more BEC attacks. 

Dark Reading reports "Ransomware's ROI Retreat Will Drive More BEC Attacks"