Criminal gangs are exploiting a new “side door” into organizations via connected third-party applications, including everything from calendars to creative tools. Thwarted by the recent success of anti-phishing cybersecurity and aided by artificial intelligence (AI), criminal gangs are now compromising email accounts through third-party attacks.
“Third-party applications connected to the email environment are being exploited, and organizations are making the lives of bad actors easier as they continue to connect more applications with high-risk permissions. Application overload is a common and dangerous trend,” says cybersecurity firm Abnormal Security.
Abnormal Security believes that, although vulnerabilities in third-party software accounted for 13% of all breaches in 2022, costing organizations an average of US$4.55 million per incident, the problem has since worsened considerably. It cites a recent vendor email compromise (VEC) attack that almost netted the criminals US$36 million, although most VEC attacks target less than US$150,000.
VEC and BEC attacks continue to rise
The number of VEC and business email compromise (BEC) attacks rose in the first half of 2023, continuing a trend Abnormal Security has seen over the last five years. In the first half of 2023, BEC attacks increased by 55% over the previous six months, and nearly half of all organizations have received at least one VEC attack since January.
Abnormal Security believes that there has been an exponential increase in connected third-party applications, which employees link to their email accounts to increase productivity and streamline workflows. However, each time a user authorizes access to a new third-party application, they may be granting it the power to read and write emails, create calendar invitations, edit or delete company files, or manipulate data in other ways, all of which can put the organization’s security at risk.
According to Abnormal Security: “What is surprising, however, is simply how many applications the largest organizations have installed—an average of nearly 4,000 for those companies with 30,000+ employees. On the other end of the spectrum, we see an average of nearly 300 applications for organizations with fewer than 3,000 mailboxes.”
These “side door” attacks are particularly dangerous because they can mimic legitimate vendor communications or hijack real conversations to encourage recipients to update banking account information or send fraudulent payments.
“The cost of these attacks to businesses can be frightening, strain relationships with customers and partners, and severely slow down operations,” warns Abnormal Security.