In 2020, fearware flooded our inboxes, ransomware stalked our schools, and email account compromises stumped our supply chain. What new tactics and techniques can we expect email attackers to deliver in 2021? Dan Fein, director of email security products at Darktrace, gives his five predictions for security teams.
(Image: MGhozi via Adobe Stock)
Supply Chain Fraud Will Overtake CEO FraudTime and again, says Fein, security leaders tell him their priority is to protect C-level executives. "If the company is really secure, it's hard [for an attacker] to get to that C-suite," says Fein. The alternative for attackers? "Just go after whoever that company trusts."
Fein says that when attackers can take over the legitimate email account of a trusted third-party supplier, they can net a big return without ever interacting with a C-level executive.
Suppliers and contractors with large client bases may become ever more tempting targets, Fein says. Why work hard to compromise 1,000 companies separately when you can compromise one (and send fraudulent invoices to 1,000)?
There are signs already hinting in this direction. Research earlier this year found spoofing attacks that target the C-suite were decreasing, as attackers increasingly focused on staff in accounts payable departments. And as email account compromise attacks grow more sophisticated – even circumventing multifactor authentication – the type of threat Fein mentions just becomes easie ..
Support the originator by clicking the read the rest link below.
