Vendor Email Compromises Surge And They Are Targeting Critical Infrastructure Organizations

According to a new report published by Abnormal Security, recent data shows a sharp increase in socially engineered vendor email compromises (VEC), with the likelihood of an organization falling victim to such an attack rising to 70% from 45% a year before.

The report details a series of recurring VEC attacks in which attackers targeted multiple critical infrastructure organizations, including two healthcare companies, two logistics firms and one manufacturing company, by compromising the vendor email accounts and targeting 15 customers.

The attacks involved sending seemingly legitimate emails with familiar language and known domains from the compromised vendor accounts and attempting to reroute invoices to new bank accounts, following a fake updated payment policy. The security experts highlighted that traditional email security tools struggle to identify such VEC attacks due to their social engineering nature, and that technologies such as behavioral AI, which identify deviations from normal user behavior and patterns, would offer a more proactive approach.

Emily Phelps, Director, Cyware, had this comment:

“It is likely we will continue to see an increase in tactics like this. As technologies become more difficult to compromise, threat actors can rely on social engineering tactics that exploit human behavior. Adversaries don’t even need to break into an organization’s perimeter to steal valuable data. These VEC attacks can be just as effective with significantly less risk of detection.  

“It’s important to arm employees with regular security awareness training to ensure they can recognize the signs of a social engineering scam. Behavioral AI can help identify anomalies. Ensuring a security team’s functions – threat intelligence, security automation, orchestration, and response – are unified will also enable organizations to eliminate silos and operate more efficiently to improve resilience against repeatable attacks.”

Carol Volk, EVP, BullWall adds this:

“Attacks which cloaked themselves with the identity of known vendors (VEC) or business associates (BEC) will continue to be a serious concern. The new large language model AIs may be able to spot this sort of activity, but it will still be a popular vector for malicious actors. The best we can hope for is to prepare for the attack with good user training, system/data backups and containment systems.”

Clearly the bad guys are evolving. Those who defend against threat actors like these need to evolve as well, so that techniques like these become far less effective.
