According to the latest BEC threat report released by Barracuda Networks, cybercriminals are increasingly using accounts on legitimate email services such as Gmail and AOL for impersonation and BEC (business email compromise) attacks.
The report shows that criminals used 6,170 malicious accounts of Gmail, AOL, and other email services to launch more than 100,000 BEC attacks, affecting nearly 6,600 organizations. More importantly, since April 1, these “malicious accounts” have participated in 45% of all BEC attacks detected.
In a BEC attack, cybercriminals use these malicious accounts to impersonate employees or trusted partners and send highly personalized messages that induce other employees to leak sensitive information or transfer money.
The preferred email service for malicious accounts is Gmail, which accounts for 59% of all email domains used by cybercriminals. Yahoo is the second most popular email service, but only accounts for 6% of all malicious account attacks observed.
Researchers also observed that 29% of malicious accounts were used for less than 24 hours, which minimizes the chance that the email provider detects and shuts them down. At the same time, cybercriminals commonly return after a long period of dormancy and reuse a previously used email address for new attacks.
After analyzing the attacks on the 6,600 organizations, the researchers found that in many cases cybercriminals used the same email address to attack different organizations. A single malicious account attacked as many as 256 organizations, about 4% of all the organizations studied.
Similarly, the number of email attacks sent by a malicious account ranges from 1 to more than 600 emails, with an average of 19.