Ransomwares ROI Retreat Will Drive More BEC Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


Ransomwares ROI Retreat Will Drive More BEC Attacks


Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned.



RSA CONFERENCE 2022 – San Francisco – Law enforcement crackdowns, tighter cryptocurrency regulations, and ransomware-as-a-service (RaaS) operator shutdowns are driving down the return on investment for ransomware operations across the globe. 
Abnormal Security threat researcher Crane Hassold, in a presentation at the RSA Conference, laid out his latest analysis of the ransomware threat landscape, predicting that there will be a pivot from ransomware toward renewed interest in basic business email compromise (BEC) attacks in the next 6 to 12 months. 
Ransomware attacks grab headlines and have been supercharged by a few prolific RaaS operators, Hassold explained. But crackdowns on just one group can make an enormous dent. 
Ransomware is a centralized ecosystem with small numbers of operators responsible for the majority of attacks, Hassold said. 
He pointed to the recent disappearance of Pysa, leaving just two groups, Conti and Lockbit, with more than 50% of the share of the total ransomware attacks in the first half of 2022. BEC groups, on the other hand, are diffuse and scattered, making them much harder to eradicate, Hassold added. 
Although theyre not as quick to make the headlines,
BEC attacks
have cost business more than $43 billion since 2016, according to the FBI, and make up $1 out of every $3 lost to cyberattacks, far outpacing ransomware losses, Hassold said. 
Ransomware has
had a moment
over the past couple of years, Hassold explained, in part because once threat actors were able to abandon arcane wire transfers to collect ransoms and rely on cryptocurrency, caps on transactions were lifted and it became simple to collect much larger amounts. But new crypto regulations are chilling the ability of these cybercriminals to rely on its infrastructure to do business, adding what Hassold called friction to the transactions. 
BEC attacks, by comparison, rely on social engineering to corrupt a businesss financial supply chain to get employees to willingly part with the cash, making them exponentially harder to track and stop.  
By far, the most-used BEC tactic is the standard gift-card swindle, tricking employees to buy bogus gift cards, meaning the tried-and-true grift is still working. But Hassold said the BEC landscape is shifting from impersonating internal employees to posing as external business contacts. 
Once inside a business email account, attackers will wait and gather intelligence that can help them impersonate a trusted source. Todays BEC attacks are aimed at a companys financial supply chain, and once threat actors are inside, they will look for opportunities to spoof vendor emails to send payments to controlled accounts, change direct deposit information of executives to steal their paychecks, and even order aging reports showing which vendors owe the company. Once they have an aging report, an attacker will simply try to reach out to partners and collect any outstanding balances. 
In short, social engineering works. 
BEC, in my opinion, is the clear threat to enterprises everywhere, Hassold warned. These attacks disproportionately impact business. 
He added there is already evidence that ransomware operators and West African BEC attackers have already started comparing notes. 
Theyre not collaborating, but interacting, Hassold said. Those relationships might harden in the future. 

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ransomwares ROI Retreat Will Drive More BEC Attacks