Business Email Compromise attacks have surged in popularity over 2020, says new Barracuda research

New report from Barracuda looks at the latest ways cybercriminals launch spear-phishing attacks and exploit compromised email accounts

by Patrick Sullivan, Political Editor on 18 December 2020 11:18


A new report from Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, revealed that Business Email Compromise attacks made up 12 per cent of all spear-phishing attacks throughout 2020, a huge increase from just 7 per cent in the year before.

This key finding was just one of many insights revealed in the new report, titled: Spear Phishing: Top Threats and Trends Vol. 5 - Best practices to defend against evolving attacks, which takes an in-depth look at how attackers are quickly adapting to current events and using new tricks to successfully execute attacks — spear phishing, business email compromise, pandemic-related scams, and other types.

The report revealed that 72 per cent of COVID-19-related attacks are scamming. In comparison, 36 per cent of overall attacks are scamming.

Attackers prefer to use COVID-19 in their less targeted scamming attacks that focus on fake cures and donations. Furthermore, 13 per cent of all spear-phishing attacks come from internally compromised accounts, so organisations need to invest in protecting their internal email traffic as much as they do in protecting from external senders.

Interestingly, 71 per cent of spear-phishing attacks include malicious URLs, but only 30 per cent of BEC attacks included a link. Therefore, hackers using BEC want to establish trust with their victim and expect a reply to their email, and the lack of a URL makes it harder to detect the attack.

“Cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit, as their response to the COVID-19 pandemic proved only too well,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda.

“Staying aware of the way spear-phishing tactics are evolving will help organizations take the proper precautions to defend against these highly targeted attacks and avoid falling victim to scammers’ latest tricks.”

blog comments powered by Disqus