Supply Chain Attacks Plus Social Engineering: Prepared for the New Era of BEC Phishing?
Unfortunately, Business Email Compromise continues to evolve with attackers using account takeovers (ATOs) as a crucial element of supply chain attacks. Compromised credentials and emails lend authenticity to sophisticated Type 3 and 4 supply chain-based BEC attacks and allow attackers to evade detection for longer periods.
For example, there are indications that attackers in the SolarWinds supply chain attack compromised the company’s Microsoft Office 365 email as part of the drawn-out campaign.
BEC attacks are only getting more sophisticated. Based on what we’ve seen in customer environments and in the wild, here’s our annual guide to understanding the ongoing evolution of BEC.