【Press Release】Business Email Compromise attacks highlighted as an emerging threat in the inaugural Green Radar Email Threat Index
(Hong Kong, 26 August 2021) Green Radar (Hong Kong) Limited (“Green Radar” or “Company”) launched the inaugural Green Radar Email Threat Index (“GRETI” or the “Index” ）for the second quarter of 2021. The GRETI revealed the level of risks that organizations are exposed to remain at a high level, with an Index score of 63. The Index indicated that the most prominent email threats, including phishing and malware attacks, are shown as high and moderate levels respectively, with Business Email Compromise (BEC) attacks becoming an emerging threat with the potential to cause a high level of impact to businesses.
The Index was constructed using data originating from Green Radar’s proprietary artificial intelligence (AI) and machine learning engine aidar™. It intercepts about 70% of the millions of daily incoming emails. Among those, 18.6% are flagged as highly sophisticated email attacks by aidar™ with the assistance from a team of experts at the Green Radar Security Operations Centers in Hong Kong and Singapore (SOCs). The GRETI aims to raise awareness of email threats posed to organizations and assist cybersecurity practitioners with the latest threat trends and insights to develop appropriate protective measures.
Phishing and Malware popular with fraudsters
The GRETI report highlighted phishing as the most frequently reported attack vector. Phishing activity remained high throughout the second quarter, and it was especially pronounced in June as fraudsters took advantage of Taobao’s 618 shopping festival to plant fake goods delivery emails.
Although the level of attacks due to malware has moderated during the second quarter of the year, the report noted that fraudsters deployed new tactics and techniques to embed malware inside email attachments to evade and bypass technical controls. The most common malware recorded is the Exploit.MSOffice family that exploit vulnerabilities in Microsoft Office software. Infected devices can allow cybercriminals to control the user’s device, destroy data, capture keystrokes and give them access to the broader corporate network.
Business Email Compromise costly for their victims
The consequence to organizations that fall victim to Business Email Compromise (BEC) attacks can be catastrophic even though the attack volume is small. With financial institutions often the target of attacks, fraudsters deploy this method to create highly realistic and tailored emails, impersonating big-name brands to add credibility in their attempt to cause harm and financial loss for their victims. The top three most impersonated brands identified in the report are LinkedIn, DHL and Microsoft.
Information has shown that a financial services firm in Hong Kong has lost HK$41 million from a BEC scam in 20201. According to the statistics of Federal Bureau of Investigation (FBI), BEC attacks cost global businesses a staggering US$1.8 billion in 2020.2
Mr. Kenneth Ma, Senior Vice President of Sales at Green Radar commented, “The introduction of GRETI provides latest threat trends and insights for cybersecurity practitioners. With GRETI results showing the high-risk level of attack, organizations are advised to take proactive measures including the cybersecurity awareness training to employee and effective email detection engine adoption on a holistic and timely basis.”
For full report of the “Green Radar Email Threat Index 2021 Q2 ”, it can be downloaded from: https://www.greenradar.com/email-threat-index/
Green Radar today announced the inaugural Green Radar Email Threat Index(GRETI) for 2021 Q2. (Left) Mr. Kenneth Ma, Senior Vice President of Sales & Mr. Andrew Lam, Executive Vice President, Security Business Strategy of Green Radar
Among those 70% intercepted incoming emails to local businesses, 18.6% are flagged as highly sophisticated email attacks by aidar™ with the assistance from a team of experts at the Green Radar Security Operations Centers in Hong Kong and Singapore (SOCs)