Expel Report Reveals Hackers Focusing On Business Email And Application Compromises

July 08, 2022, 12:58 PM EDT

‘More than 50 percent of the incidents, we detect, it‘s not malware. It’s not I‘m trying to deploy a backdoor on your computer. It’s, ‘I just want your identity so I can use that identity to do something,’” Expel’s Jon Hencinski says.

Cybersecurity vendor Expel traded its monthly attack vector reports for quarterly reports to give customers a better scope of current dangers. The report also provides ways to stay guarded against cyberattacks.

In the first Expel quarterly threat report, the Herndon, Va.-based startup discovered hackers are targeting Microsoft Office 365.

“When these attackers are trying to break into these organizations, they’re not exploiting vulnerabilities in these applications. They’re taking advantage of features in these products to get an employee to open a document and execute malicious code and embedded macro or take advantage of a feature,” said Jon Hencinski, director of threat detection and response at Expel.

Within Microsoft Office 365, the report found more than half the incidents reported revolved around business email compromise (BEC).

“More than 50 percent of the incidents we detect, it’s not malware. It’s not, ‘I’m trying to deploy a backdoor on your computer.’ It’s: ‘I just want your identity so I can use that identity to do something.’

Nearly a quarter of Expel customers faced a BEC attempt at least once and 8 percent of customers were targeted more than three times also within Microsoft Office 365.

“Organizations are likely a very viable target, given the fact that there‘s so many payments that they’re processing every single day,” Hencinski said.

While security awareness training may help, Hencinski said it isn’t enough.

“If an attacker can get an employee to submit their username and password, they can add a third field and say,…