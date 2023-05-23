



The number of cCybercrime as a service targeting business email jumped 38% between 2019 and 2022 globally, according to a Microsoft report. Led by Microsoft, Cyber ​​Signals highlights security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. The report highlights an increase in cybercriminal activity around business email compromise (BEC), common tactics employed by BEC operators, and how businesses can defend against these attacks. Between April 2022 and April 2023, Microsoft Threat Intelligence detected and investigated 35 million BEC attempts with an average of 156,000 attempts per day. He also observed a 38% increase in cybercrime as a service targeting business email between 2019 and 2022. One such service is BulletProftLink which creates industrial-scale malicious mail campaigns, which sell an end-to-end service including templates, hosting and automated services for BEC. BEC’s primary targets are executives and other senior managers, CFOs, human resources personnel with access to employee records such as social security numbers, tax returns, and other PII. New employees who are less likely to verify unknown email requests are also targeted. Almost all forms of BEC attacks are on the rise. Top trends in targeted BEC attacks include Decoy (62.35%), Payroll (14.87%), Invoice (8.29%), Gift Card (4.87%), and commercial information (4.4%). Instead of exploiting vulnerabilities in unpatched devices, BEC operators seek to exploit the daily sea of ​​email traffic and other messages to trick victims into providing financial information or taking direct action such as unknowingly sending funds to money mule accounts that help criminals make fraudulent money transfers. BEC attempts by threat actors can take many forms such as phone calls, text messages, emails or social media outreach. Don’t miss: MINISO Hong Kong says it has no connection to a fraudulent website Microsoft has provided some suggestions for protecting against BEC attacks. First, companies can take advantage of cloud applications that use AI capabilities to strengthen defenses, adding advanced protection against phishing and detection of suspicious transfers. Fundamentally, enterprises must secure identities to prohibit lateral movement by controlling access to applications and data with Zero Trust and automated identity governance. Additionally, adopting a secure payment platform can reduce the risk of fraudulent activity by moving invoices sent via email to a purpose-built system to authenticate payments. Additionally, companies can educate employees to spot fraudulent and other malicious emails, such as a domain-to-email address mismatch, and the risks and costs associated with attacks. BEC successful. Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity and Management at Microsoft, said: The BEC attacks provide a prime example of why cyber risk needs to be addressed cross-functionally with IT, compliance and cyber risk leaders around the table alongside executives. and corporate executives, finance employees, human resources managers, and others with access to employee records. While we need to bolster existing defenses with AI capabilities and phishing protection, companies also need to train their employees to spot the warning signs to prevent BEC attacks. MARKETING-INTERACTIVE has contacted Microsoft for more information. Related Articles: Microsoft’s Bing gets a jolt with AI capabilities, but will comfortable consumers actually switch from Google?

