The shift to remote work amid the COVID-19 pandemic makes employees more susceptible to business email compromise (BEC) attacks and gives threat actors the opportunity to apply tactics likely to be successful given these working conditions, new research shows.
Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume, and an acceleration of payment and invoice fraud, according to data released by Abnormal Security this week.
The research uncovered surges in COVID-19-themed email security attacks that emerged in the first quarter of 2020 and continued in Q2, with weekly campaign volume increasing 389% between Q1 and Q2.
Most notably, researchers observed a continued increase in BEC attacks ‘favoring’ finance department employees over C-level executives – a trend that registered a 50% spike quarter-over-quarter.
Payment and invoice fraud attacks, largely driven by vendor fraud, grew 112%, spiking at the end of June. A surge in payment and invoice fraud related to the pandemic was also recorded.
The data shows that the shift to remote work makes employees more susceptible to BEC attacks, giving malicious actors the opportunity to apply tactics likely to be successful given these working conditions.
Bitdefender obtained similar results from a survey of 6,724 security and IT professionals in May 2020 across Europe, APAC and North America.
As more employees started working from home during the pandemic, infosec professionals were becoming increasingly concerned about the security implications. More than one in three (34%) feared that employees were feeling more relaxed about security issues because of their surroundings, while others worried that employees were not sticking to protocol, especially in terms of identifying and flagging suspicious activity (33%). Their fears were overwhelmingly founded, as 86% of those surveyed admitted attacks on their infrastructure rose during the pandemic.