Analysts released an email security advisory that shows how language-based business email compromise (BEC) attacks have become a growing trend for cybercriminals. The research discovered that nearly 75% of recent campaigns use language as the primary attack transmitter that threat actors used for their campaigns.
The most utilised BEC campaigns are weaponised payloads, common business workflows, malicious links, and language.
Moreover, threat actors are also adopting graymail, apart from the standard socially engineered emails. Graymail is authentic-looking emails that can avoid being sent to spam filters and can allow cybercriminals to spot out-of-office staff.
Since about last year, language-based BEC campaigns have increased more than 50% on an annual basis. Furthermore, 52% were not detected by standard email security solutions, especially the BEC attacks that targeted organisations.
BEC will be a constant threat if attackers apply more of this tactic.
If threat actors consistently use language as the primary vector for their payloads, it will be more challenging for security providers to prevent BEC attacks. These attacks increase the chances of the actor’s advanced threats such as bypassing native email security, landing in the inboxes of personnel and graymail.
Additionally, cybercriminals rely on social engineering attacks to deceive targets into executing their instructions. Therefore, standard strategies such as links, headers, and metadata will not be enough for security defence.
The addition of Language-based BEC campaigns will make things more difficult for the targets as it heavily relies on the words used in the email to trick unaware employees.
Unfortunately, BEC fraud related to the cryptocurrency landscape accounted for over $40 million in damages last year.
The growing popularity of business email compromise attacks, especially the language-based vectors, implies that malicious threat actors are exploiting the major weakness of companies. These threats also pose an increased concern regarding its SMS application, meaning language-based payloads can infect mobile usage.
Organisations should develop policies that carefully monitor these attacks to tackle this issue. They should also add more authentication before any transactions or wire transfers be made by users.
Implementing this strict and proactive measure will indeed mitigate the effects caused by these new threats and attack vectors.
