Microsoft warned of an increase in cybercriminal activities against business emails, saying that hackers are using more commoditized tactics to deploy their attacks.
In a recent report, Microsoft stated that business email compromise (BEC) is accelerating and hacking tactics are becoming more sophisticated. BEC is a type of phishing attack where cybercriminals impersonate someone else in an email and lure their target into sending sensitive information.
According to Microsoft, there were 35 million BEC attempts from April 2022 to April 2023, with 156,000 attempts happening each day on average. BEC attackers mostly targeted company executives, senior leaders, finance managers, and human resource staff who have access to employee records to get information they need.
Furthermore, the tech giant wrote that they found a 38% increase in cybercrime-as-a-service (CaaS) incidents targeting business emails from 2019 to 2022. CaaS is a term used to describe a business model where threat actors sell their tools and services to other individuals. The company discovered a significant trend among attackers who use platforms that provide services, such as creating large-scale malicious email campaigns.
