Microsoft’s latest edition of Cyber Signals has reported a significant rise in cybercriminal activity, especially Business Email Compromise (BEC) attempts across Asia.
The report, based on insights from Microsoft’s 43 trillion daily security signals and a team of 8,500 security experts, has revealed alarming trends.
From April 2022 to April 2023, Microsoft Threat Intelligence detected 35 million BEC attempts, averaging 156,000 daily. In addition, a 38% increase in Cybercrime-as-a-Service targeting business email was observed between 2019 and 2022.
Notably, services like BulletProftLink, which industrialize malicious mail campaigns, have emerged as prominent facilitators of such attacks.
Unlike traditional cyberattacks that exploit system vulnerabilities, BEC operators manipulate daily communication like emails, calls, text messages, or social media outreach to extract financial information or prompt victims into actions such as money transfers to fraudulent accounts.
Vasu Jakkal, corporate vice president at Microsoft, emphasized the cross-functional approach needed to tackle cyber risks, stating, “While we must enhance existing defenses through AI capabilities and phishing protection, enterprises also need to train employees to spot warning signs to prevent BEC attacks.”
To mitigate BEC risks, Microsoft recommends leveraging AI-enhanced cloud applications for advanced phishing protection and suspicious forwarding detection. The adoption of Zero Trust and automated identity governance for access control, alongside secure payment platforms, can further curb these attacks.
Microsoft also underscored the importance of continuous employee education to identify fraudulent emails and comprehend potential risks, a proactive approach towards maintaining a resilient cybersecurity infrastructure in Asia.