LATEST INTELLIGENCE understand why , we take you through each attack step by step to show you how each one worked and how cybercriminals tried to take advantage of human vulnerabilities . Then we tell you how they were stopped .
This volume covers attacks that rely on social engineering . In volume 2 , we ’ ll cover more technical attacks .
SECTION 1 – BEC and Supply Chain Attacks
In business email compromise ( BEC ) attacks , a threat actor pretends to be a person or entity that a recipient trusts , like a colleague , vendor , or partner . Many of today ’ s BEC schemes are highly sophisticated , wellfunded , and backed by careful planning and research .
In the past few years , these attacks have been a cash cow for cybercriminals . The 2023 FBI Internet Crime Report notes that they cost U . S . businesses $ 17 billion . Globally , businesses lost an eye-watering $ 50 billion . In contrast , ransomware victims lost $ 1.1 billion .
The scenario
Proofpoint detected this BEC incident at a global retailer that has more than 40,000 users . The threat came from the retailer ’ s supply chain , and its existing security tool failed to detect it . This example is helpful because it highlights how quickly the cybersecurity landscape evolves .
How the attack played out
Here ’ s a closer look at how the attack unfolded :
1 . The deceptive message . The global retailer received an email from a sender within its supply chain who wanted their payment information updated . But what seemed like a routine request was malicious , as the sender ’ s account had been compromised .
2 . The malicious lookalike domain . The attacker wanted to redirect response emails to a newly registered lookalike domain . Their goal was to intercept sensitive data and divert funds . p
www . intelligentcio . com INTELLIGENTCIO APAC 21