The number of incidents involving business email compromise (BEC) has doubled, replacing ransomware as the most common type of financially motivated cyber threat to organisations, according to new research. 

The growth in BEC was linked to a surge in successful phishing campaigns, accounting for 33% of incidents where the initial access vector (IAV) could be established, a near three-fold increase compared to 2021 (13%). 

With talk of advanced AI-driven threats dominating the cybersecurity industry, new research by the Secureworks Counter Threat Unit has revealed that most real-world security incidents have more humble beginnings highlighting a need for businesses to focus on cyber hygiene to bolster their network defences.

Between January and December 2022, Secureworks helped contain and remediate over 500 real-world security incidents. The data from these incidents was analysed by Secureworks CTU researchers to establish trends and emerging threats. 

An equally popular entry point for attackers both nation state and cybercriminal was to exploit vulnerabilities in internet-facing systems, representing a third of incidents where IAV could be established. Typically, threat actors did not need to use zero-day vulnerabilities, instead relying on publicly disclosed vulnerabilities such as ProxyLogon, ProxyShell and Log4Shell to target unpatched machines. 

The research found ransomware incidents fell by 57%, but remain a core threat. This reduction could be due as much to a change in tactics as it is to a reduction in the level of the threat following increased law enforcement activity around high-profile attacks, like Colonial Pipeline and Kaseya. Equally, gangs may be targeting smaller organisations, which are less likely to engage with incident responders.

“Business email compromise requires little to no technical skill but can be extremely lucrative,” says Mike McLellan, Director of Intelligence at Secureworks.

“Attackers can simultaneously phish multiple organisations looking for potential victims, without needing to employ advanced skills or operate complicated affiliate models,” he says.

“Let’s be clear, cybercriminals are opportunistic not targeted….