Barracuda has tracked over 100K BEC attacks this year

Researchers at Barracuda Networks have identified thousands of malicious accounts using email services from major providers that have been used to conduct over 100,000 business email compromise (BEC) attacks.

Since the beginning of 2020, Barracuda has identified 6170 malicious accounts that use Gmail, AOL and other legitimate email services and were responsible for attacks on nearly 6600 organisations.

Since April, such malicious accounts have been behind 45% of BEC attacks detected, the company said.

According to the ACCC, BEC scams cost Australian businesses $132 million in 2019.

The Barracuda research found that 85% of BEC attacks are urgent requests designed to get a fast response, with 1 in 10 spear phishing emails successfully tricking users into clicking. For emails impersonating employees from HR or IT, that number triples.

Barracuda Sales Engineer Manager Mark Lukie said many malicious actors target multiple organisations from the same email accounts.

“While most malicious accounts are used by attackers for a short period of time, some cybercriminals used these accounts to launch attacks for over year. It’s not unusual for cybercriminals to return and re-use an email address in attacks after a long break,” he said.

But Lukie said technology can come to the rescue to reduce the success rate of BEC attacks.

“With the help of innovative technologies such as AI-powered tools, organisations can get better at spotting spoofed and malicious emails. Combined with a renewed focus on more progressive approaches to staff training, organisations can begin to fight back,” he said.

Image credit: ©stock.adobe.com/au/weerapat1003