• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Network Security, News

Armorblox: BEC Attacks Increased by 72% YOY

BEC attacks surged 72% YoY with companies being targeted by language-based and socially engineered attacks across industries, finds Armorblox.

April 13, 2023 Alyssa Borelli Leave a Comment

spear phishing, Phishing bait alert concept on a smartphone screen
Backcountry Media / stock.adobe.com

Threat researchers at email security firm Armorblox have found that business email compromise (BEC) attacks have increased dramatically by 72% year-over-year. In its second, annual 2023 Email Security Threat Report, the company says it continues to see high volumes of language-based and socially engineered attacks targeting organizations of all sizes and across industries. Vendor compromise and fraud is also rising as a new attack vector and graymail is wasting 27 hours of time for security teams each week.

The Sunnyside-Calif.,-based security copmany’s report is based on data gathered across more than 58,000 customers, analyzing over 4 billion emails and stopping 800,000 threats every month.

Armorblox 2023 Email Security Report Key Findings

  • Small and medium-sized businesses (SMBs) are particularly vulnerable to vendor fraud and supply chain email attacks. More than half of vendor compromise attacks targeted technology organizations (53%).
  • Bad actors are still infiltrating legitimate business workflows to steal sensitive business information. Business workflows involving email notifications were the most compromised, a significant uptick over 2021. Half of all attacks involve sensitive user data, such as user login credentials (52%).
  • BEC attacks continue to evolve. Language remains the main attack vector in 4 out of 5 (77%) BEC attacks that bypassed legacy solutions in 2022.
  • With the widespread use of email for business communications, half of account compromise attacks targeted SMBs (58%), proving to be a persistent and prevalent threat.
  • 20% of BEC attacks involved graymail or unwanted solicitation and security teams can find themselves spending upwards of 27 person hours a week manually sorting and deleting graymail across inboxes.
  • Of all attacks in 2022, half bypassed legacy security filters (56%).
  • In 2022, there was a 70% increase in phishing attacks, compared to 63% in the previous year.

Financial Fraud, Insider Threats on the Rise

In addition, financial fraud attacks such as payroll, payment and invoice fraud increased by 72% over 2022 and are expected to continue to rise in 2023. With tools such as ChatGPT, in 2023 Armorblox expects to see a significant increase in the total number of BEC emails that flood user mailboxes inside of organizations. With an increasing hybrid approach to work, more campaigns will rise that use work-from-home-related reasons to target employees.

“Based on threats analyzed by Armorblox across our customer base of over 58,000 organizations, we see over half of email attacks targeting critical business workflows aim to exfiltrate sensitive user data. These attacks often involve bad actors infiltrating legitimate business communications to alter sensitive business information, such as assigning new routing numbers for payment requests,” said DJ Sampath, co-founder and CEO of Armorblox, in a statement. “These attacks use language as the primary attack vector to impersonate trusted SaaS applications, vendors, and VIPs. This only increases the critical need for organizations to augment native and legacy security layers with modern API-based solutions that use a broad set of deep learning algorithms, machine learning models, data science approaches, and natural language-based techniques to understand the content and context of communications, and protect against these targeted attacks.”

The Armorblox 2023 Email Security Threat Report presents the associated trends for targeted email attacks across the following threat types – vendor compromise, BEC, financial fraud, phishing attacks, impersonation attacks, account compromise and graymail. The report uncovers the vulnerabilities in legacy email security filters, the sensitive user data at risk across compromised business workflows, and the gratuitous work security teams juggle in response to high volumes of graymail emails.

View Armorblox’s complete 2023 Email Security Report here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Armorblox, BEC, email security, social engineering

Related Content:

  • InfoComm Logo InfoComm 2023 Show to Spotlight Emerging Technologies
  • MOVEit vulnerability, zero-day, Progress Software Act Now: Vulnerability in Progress Software’s MOVEit Transfer…
  • iPhone security bug, Apple, Kaspersky Kaspersky Discovers New 0-Click iOS Exploit
  • C919 The Cyberattacks and Insider Threats During The Development…

Free downloadable guide you may like:

  • Download TechDecisions' Blueprint Series report on Security Awareness now!Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

    Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared to defend against them in this report from TechDecisions' Blueprint Series.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.