Hyland 160x1200

Hyland 160x1200

Hyland 705x108

Friday, 24 June 2022 08:59

New trend in business email compromise emerges as vendor impersonation overtakes CEO fraud

By Abnormal Security

GUEST RESEARCH: Abnormal Security, the leading AI-based cloud-native email security platform, announced today the release of new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before.

In January 2022, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. In May 2022, external, third-party impersonation made up 52% of all BEC attacks seen by Abnormal, while internal impersonation fell to 48% of all attacks. Just one year prior, internal impersonation accounted for 60% of all attacks—marking a 30% year over year increase in third-party impersonation.

Financial supply chain compromise is a subset of business email compromise in which cybercriminals take advantage of known or unknown third-party relationships to launch sophisticated attacks. The goal is to use the legitimacy of the vendor name to trick an unsuspecting employee into paying a fraudulent invoice, changing billing account details, or providing insight into other customers to target. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting US$2.1 million ($3.1 million) for a fake invoice.

Throughout the report, Abnormal dives into four known types of financial supply chain compromise—vendor email compromise, aging report theft, third-party reconnaissance, and blind third-party impersonation—each with varying degrees of sophistication. Whereas a vendor email compromise attack requires the threat actor to understand business relationships and financial transaction schedules, a blind third-party attack simply leverages traditional social engineering tactics to request payments using pretexts like impending legal actions. While all four types of attacks have seen success, those that use legitimate compromised accounts are extremely difficult to detect and can be disastrous to the companies they target.

“While financial supply chain compromise is not new, the increase in using third-party impersonation tactics is worrisome,” states Abnormal Security director of threat intelligence Crane Hassold. “Our threat intelligence team has discovered increasingly sophisticated attacks that are nearly impossible for legacy systems or end users to detect, particularly because they come from real vendor accounts, hijack ongoing conversations, and reference legitimate transactions.”

According to the FBI, business email compromise has exposed organisations to US$43 billion ($62 billion) in losses over the past six years, and real losses continue to grow year over year, making up 35% of all losses to cybercrime in 2021 alone. This new trend is just one example of the increasing sophistication of these modern email threats, and how cybercriminals continue to evolve and optimise their strategies for success. As employees become more aware of traditional BEC attacks that rely on executive impersonation, threat actors have successfully started to impersonate other entities—often with larger degrees of success.

Said Hassold, “This shift to financial supply chain attacks is another important milestone in the evolution of threat actors from low-value, low-impact threats like spam to targeted high-value, high-impact attacks. And because they are successful, we expect that this external impersonation will continue to rise as a percentage of all attacks, ultimately dominating the BEC landscape for the foreseeable future.”

So why does this shift in attacker behaviour matter? For one, it means the ultimate victims of financial supply chain attacks are not in control of the initial compromise, which makes it more important than ever for companies to maintain a robust understanding of their supply chain. To solve this problem, Abnormal Security uses unique AI to precisely baseline good behaviour across internal and external identities and communications. The proprietary VendorBase technology identifies all vendors in a customer’s ecosystem to understand individual risk level, using a federated database across all Abnormal customers. By recognizing when a vendor may have a high risk of fraud, Abnormal knows when an email should be more heavily scrutinized for malicious activity, effectively preventing all forms of financial supply chain compromise.

To learn more about financial supply chain compromise and download the full report, click here.

Read 786 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News