Security researchers have found that CEOs are spoofed the most by hackers as business email compromise (BEC) attacks remain one of the top threats to enterprises across the globe. According to a recent FBI report in May, global losses due to BEC scams since 2013 have soared to a whopping $5.3bn (£3.4bn).
According to recently published Trend Micro's "2017 Midyear Security Roundup: The Cost of Compromise" report, researchers said the most spoofed position is the CEO, followed by a company's managing director and president. Meanwhile, the most targeted positions are the CFO, the finance director and finance manager.
Analysing a random sampling of BEC email attacks, researchers said some of the most common words and phrases associated with BEC-related emails to trick victims include "acquisition," "contract", "instructions", "invoice", "request" and "swift response needed".
Hackers often rely on old techniques in BEC attacks, researchers said, such as the "supplier swindle scheme" that sees threat actors spoofing a company that is related to or does business with their primary target. However, they usually turn to using malware-laced "social engineering" emails.
"Because it relies mostly on social engineering, BEC typically does not require sophisticated system penetration," the report reads. "It is imperative, then, for enterprises to employ email solutions that can provide protection against socially engineered messages and gateway solutions that can block emails containing malware such as keyloggers."
Trend Micro also says training to spot and report suspicious BEC attempts is key, particularly for personnel in critical departments such as finance.
"High-ranking executives and rank and-file employees alike, if uninitiated, could be duped into sending funds via wire transfer or revealing information necessary for cybercriminals to pull off their fraudulent schemes," the firm said.
Since the beginning of 2017, Trend Micro detected more than 3,000 BEC attempts thus far.
The United States was targeted with the most attempted BEC attacks (30.96%) followed by Australia (27.4%) and the UK (22.46%). In comparison, Norway and Canada were targeted significantly less often with 4.88% and 3.43%.
"Enterprises need to prioritize funds for effective security upfront, as the cost of a breach is frequently more than a company's budget can sustain," Trend Micro CEO Max Cheng said in a statement. "Major cyberattacks against enterprises globally have continued to be a hot-button topic this year, and this trend is likely to continue through the remainder of 2017. It's integral to the continued success of organizations to stop thinking of digital security as merely protecting information, but instead as an investment in the company's future."
The report also highlighted the major WannaCry and Petya ransomware attacks that crippled thousands of businesses across the globe in April and June. Global losses from the WannaCry attack that infected over 300,000 computers in 150 countries amounted to as much as $4bn.
In the first half of 2017, Trend Micro said it detected more than 82 million ransomware threats.
"For all the wide-ranging publicity about these incidents involving ransomware, however, it is interesting to note that growth in the number of new ransomware families has plateaued in the first half of 2017, with 83 million total ransomware threats detected, and an average of 28 new families detected," Trend Micro said.
"Nevertheless, this period of relative stabilization sees cybercriminals focusing on diversifying in terms of potential victims, platforms, and bigger targets."