ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

Abnormal Security finds financial supply chain under threat

By Zach Thompson
Mon 27 Jun 2022

New research by Abnormal Security has found a rising trend in financial supply chain compromise as threat actors increasingly impersonate vendors.

The AI-based cloud-native email security platform’s research notes that in January, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations throughout the year.

Further, in May, external, third-party impersonation accounted for 52% of all BEC attacks seen by Abnormal Security, while internal impersonation fell to 48% of all attacks.

In contrast, internal impersonation made up 60% of all attacks this time last year, signalling a 30% year-over-year increase in third-party impersonation.

Abnormal Security says financial supply chain compromise is a subset of business email compromise, where cybercriminals exploit known or unknown third-party relationships to carry out sophisticated attacks.

It adds that they intend to use the legitimacy of the vendor name to fool an unsuspecting employee into paying a fraudulent invoice, changing billing account details or sharing insight into other customers to target.

Abnormal Security says these tactics are only becoming more of a threat, with one attack the company stopped requesting $2.1 million for a fake invoice.

The report examines four known types of financial supply chain compromise: Vendor email compromise, aging report theft, third-party reconnaissance and blind third-party impersonation, each with varying levels of sophistication.

While a vendor email compromise attack depends on the threat actor understanding business relationships and financial transaction schedules, a blind-third party attack only uses traditional engineering tactics to request payments using pretexts such as impending legal actions.

Abnormal Security’s research acknowledges that all four types of attacks have been successful but says that the ones using legitimate compromised accounts are challenging to detect and can have disastrous consequences for the organisations they target.

“While financial supply chain compromise is not new, the increase in using third-party impersonation tactics is worrisome,” Abnormal Security threat intelligence director Crane Hassold says.

“Our threat intelligence team has discovered increasingly sophisticated attacks that are nearly impossible for legacy systems or end users to detect, particularly because they come from real vendor accounts, hijack ongoing conversations, and reference legitimate transactions.”

According to the FBI, business email compromise has exposed enterprises to US$43 billion in losses over the past six years, and actual losses continue to grow year-over-year, making up 35% of all losses to cybercrime in 2021 alone.

Abnormal Security says this new trend is only one example of how modern email threats have become more sophisticated and how cybercriminals continue to evolve and pivot their strategies for greater success.

Because employees have become more aware of traditional BEC attacks that depend on executive impersonation, threat actors have successfully begun impersonating other entities, often affording them greater success.

“This shift to financial supply chain attacks is another important milestone in the evolution of threat actors from low-value, low-impact threats like spam to targeted high-value, high-impact attacks,” Hassold adds.

“And because they are successful, we expect that this external impersonation will continue to rise as a percentage of all attacks, ultimately dominating the BEC landscape for the foreseeable future.”

Abnormal says this change in attacker tactics is significant because it means the ultimate victims of financial supply chain attacks are not in control of the initial compromise.

This makes it more critical for companies to maintain a strong understanding of their supply chain.

Abnormal Security uses unique AI ​​to precisely baseline good behaviour across internal and external identities and communications to address these issues.

The proprietary VendorBase technology identifies all vendors in a customer’s ecosystem to understand individual risk levels, using a federated database across all Abnormal customers.

By identifying when a vendor may have a high risk of fraud, Abnormal Security knows when an email should be examined closer for malicious activity, effectively preventing all forms of financial supply chain compromise.

Related stories
Top stories
Story image
Smartphone
Hands-on review: Samsung Galaxy Z Fold 4 smartphone
With its new range of foldable phones, Samsung has definitely brought a vibrant new energy to the smartphone market.
Story image
Cryptocurrency
Crypto crime: Illicit activity falls with rest of market
Cryptocurrency scams, which typically present themselves as passive crypto investing opportunities, are less enticing to potential victims.
Story image
SaaS
Cloudera launches all-in-one data lakehouse cloud service
CDP One makes it faster, easier and less risky for businesses to move to the cloud and migrate existing workloads to a modern data architecture.
Story image
Environment
Lenovo launches CO2 Offset Service for SMBs across A/NZ
Lenovo has announced the rollout of a new, first-of-its-kind CO2 Offset Service for SMBs across Australia and New Zealand. 
Story image
Consulting
SAS awards Zencos as the 2022 A/NZ Partner of the Year
SAS has recognised US-based financial crimes and data consulting firm Zencos with the 2022 Australia and New Zealand Partner of the Year award.
Story image
Customer
ValueFlow and FLI announce capital alliance for enhanced channel outcomes
ValueFlow and Founder Led Investments (FLI) have announced that they have entered into a capital alliance, which looks to expand ValueFlows business in Australia and Asia Pacific.
Story image
Techday
10 misconceptions about Techday and how it operates
Even with 17 years in the tech news space, Techday still finds that there are a range of things people misunderstand about how we operate.
Story image
Cloud
Microsoft announces Pax8 as indirect CSP distributor in A/NZ
Microsoft has recently announced Pax8 as a Cloud Solution Provider (CSP) indirect distributor in the A/NZ region.
Story image
Cybersecurity
CISOs need to consider a risk-based cybersecurity strategy
Rather than talking in terms of attack vectors and vulnerabilities, CISOs and security decision-makers must look at actual business risk.
Story image
Tech job moves
Tech job moves - Fastly, INX, Kinly, SmartBear & Vectra AI
We round up all job appointments from July 29 - August 12, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
ExtraHop
Organisations exposing highly sensitive protocols to public internet
More than 60% of organisations expose remote control protocol SSH to the public internet, while 36% of organisations expose the insecure FTP protocol.
Story image
Samsung
New range of Samsung Smart Watches announced with health focus
Samsung has announced new additions to its SmartWatch portfolio, with the Galaxy Watch5 and Galaxy Watch5 Pro to be released in late August.
Story image
Home security
Hands-on review: Eufy Wire-Free Dual Cam Video Doorbell 2K
We have had our house secured by Eufy products for over seven months now. We love the brand, and it has never let us down.
Story image
Cybersecurity
Education sector seeing highest volumes of cyber attacks
When breaking down the numbers to education attacks by region in July 2022, A/NZ was the most heavily attacked.
Story image
Facial recognition
Benefits vs risks of facial recognition technology
Once a distant, futuristic concept, facial recognition technology is now found in many technological applications with a variety of different functions. 
Story image
Schneider Electric
Schneider Electric launches SM AirSeT in Australia
The new medium-voltage switchgear uses pure air and vacuum interruption, completely avoiding SF6 greenhouse gas.
Story image
Cloud
Whispir reports significant revenue growth as CaaS market expands
Australian cloud platform Whispir has announced its financial results, reporting significant growth as it continues to introduce new Communications-as-a Service (CaaS) offerings to the market.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Gartner
Fortinet attributes Gartner-reported growth to ZTNA approach
Zero-trust is slowly becoming a dominant enterprise security strategy for businesses, and the Gartner report highlights that although prominent, it is often underutilised.
Story image
Machine learning
Sysdig releases CDR offering to combat cryptojacking
Sysdig has unveiled a cloud detection and response (CDR) offering powered by machine learning to combat cryptojacking.
Story image
Arlo
Hands-on review: Arlo Go 2 security camera
In my humble opinion, Arlo Go 2 offers security for anyone needing to keep a remote eye on prized possessions or premises at different locations.
Story image
Communication
Motorola acquires radio comms provider Barrett Communications
Motorola Solutions says the two companies are united in delivering vital communications that organisations worldwide depend on.
Story image
Digital Transformation
Common challenges in the evolving digital world, and how to overcome them
Five technology challenges that will help highlight potential pain points and suggest how to circumvent or overcome them on the path to a smooth digital transformation.
Story image
Smartphone
Samsung introduces new generation of foldable smartphones
Samsung has unveiled its new range of Galaxy Z smartphones, bringing new developments to the company’s foldable smartphone portfolio.
Story image
Cybersecurity
Australian IT security concerns higher than before pandemic
Australian organisations are more concerned about cyberattacks than they were prior to the COVID-19 pandemic, according to a new survey.
Story image
Cybersecurity
Claroty research unveils new attack that targets PLCs
Claroty has released research detailing a new type of cyber-attack, one that weaponises programmable logic controllers (PLCs).
Story image
Cybersecurity
Study looks at gender dimensions of AU security sector
A new study will explore solutions to overcome pressing skills and diversity challenges in the Australian security sector.
Story image
Marmalade
Exclusive: Marmalade empowers businesses to take control of their cash flow
Marmalade has been making waves in the invoicing space across Australia with its world-first invoice payments platform.
Story image
IDC
Collaboration app market revenue grows 28.4% year-over-year
IDC has found that global revenues in the collaboration applications market grew 28.4% year-over-year in 2021 to $29.1 billion.
Story image
Network Management
Superloop helping Aussie K12 schools with latest offering
Superloop has launched CyberEdge, a new cybersecurity platform that will give K12 schools in Australia the tools to optimise, secure and manage their network.
Story image
Cloud Security
Lookout named Strong Performer in 2022 Gartner Peer Insights
Gartner has recognised Lookout as a Strong Performer in the 2022 Gartner Peer Insights Voice of the Customer for Security Service Edge (SSE).
Story image
Cyber attacks
Dramatic uptick in threat activity with exploits growing nearly 150%
"While it’s not a surprise given increased attack opportunities like remote work, it’s still a worrying development and one we cannot ignore."
Story image
Smartphone
Hands-on review: OPPO Find X5 smartphone
With the release of the new OPPO Find X5 in March, we got the opportunity to explore another one of their premium devices.
Story image
SmartWatch
Hands-on review: Huawei Watch D smart watch
The Huawei Watch D is the latest flagship smart watch from the Chinese tech giant, and it's further proof that the company is more than capable of competing with the likes of Samsung and Apple in the highly competitive wearable market.
Story image
Microsoft
8x more users attacked via old Microsoft Office vulnerability in Q2
"Criminals craft malicious documents and convince their victims to open them through social engineering techniques."
Story image
Unified Communications
Gold Coast private hospital improves comms with Alcatel-Lucent Enterprise solutions
With further demands placed on health workers as a result of the pandemic, they need efficient and adaptable solutions that help them effectively serve their communities.
Story image
Home Entertainment
Hands-on review: TCL 65″ C835 Mini LED 4K Google TV
We introduce you today to a TV that brings the height of immersion to your viewing experience: The TCL 65″ C835 Mini LED 4K Google TV.
Story image
Collaboration
Hybrid working success relies on the return to office
A reluctance to return to the office is impacting a would-be hybrid working model, instead leaving businesses with a mostly-remote workforce.
Story image
Data Protection
Zero Trust, but verify - finding the OT in ZerO Trust
The move to remote and cloud-based technologies has shifted the goalposts for cybersecurity. It now needs to cover multiple people, devices, platforms, and networks.
Story image
Review
Hands-on review: JBL Flip 6 portable speaker
Once you switch it on, and listen away for up to 12 hours, you will quickly realise that this is a little speaker looking for a party.
Story image
Retail
AU retailers rate their states for doing business
Retailers are optimistic about economic conditions and potential for business success in their own states, despite the current economic climate. 
Story image
Data breach
Weak breach data disclosure laws for IP theft leaves vital Australian industries vulnerable
Infoblox has seen unprecedented levels of demand for cyber protection from companies outside of the Critical Infrastructure Act who have discovered security events and those who fear falling victim to IP theft.