A recently released Microsoft threat intelligence report has revealed that hackers are purchasing residential IP addresses close to businesses they’re targeting to better avoid fundamental security detection processes.
This is one of several sophisticated tactics fueling a surge in effective business email compromise attacks. Microsoft says there's been a 38 percent increase in Cybercrime-as-a-Service targeting business email between 2019 and 2022.
Although password managers are generally considered a secure way to manage your personal passwords, from a business perspective, passwordless authentication is safer, as it means credentials are traveling around networks less and less.
Business Email Compromise: A Growing Threat
Microsoft’s Threat Intelligence Digital Crimes Unit detected 35 million business email compromise (BEC) attempts between April 2022 and April 2023, which amounts to an average of 156,000 attacks a day over the same period.
Microsoft says it closed down 416,678 malicious URLs between May 2022 and April 2023.
The company also revealed in their 2023 Cyber Signals report the most common types of phishing mail that unsuspecting victims are receiving right now, based on data from January to April of 2023:
Hackers Buy IP Addresses to Avoid “Impossible Travel” Flags
Microsoft says it’s charted an “increase in sophistication” of tactics used by malicious actors that specialize in compromising the emails of business people.
Specifically, attackers are turning to platforms like BulletProfitLink – which provides “hosting and automated services” that can aid business email compromise attacks – in greater numbers.
Alongside trying to steal usernames and passwords via BEC, threat actors are also buying IP addresses from residential IP services that correspond to the location of their targets.
This helps the attackers skirt around “Impossible Travel” flags and more easily create backdoors in target networks.
“Impossible Travel” is a detection used to indicate that a user’s account may be compromised. Simply put, if a user appears to connect from two different geographical locations at two different times, and the distance between those locations couldn't have been covered in that time through normal air travel, the sign-in is flagged as suspicious.
A localized IP address, however, acts as a cloak against this detection – which is why scammers and hackers are purchasing them.
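The check described above, and why a nearby residential IP passes it, as an added Python example that is not from Microsoft's report or the original article. The speed ceiling, the minimum-distance cutoff, the `SignIn` record and the sample sign-ins are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed cutoff: ignore short hops from imprecise IP geolocation

@dataclass
class SignIn:  # hypothetical record; real sign-in logs carry more fields
    user: str
    when: datetime
    lat: float
    lon: float
    label: str

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events):
    """Return (previous, current, km/h) for consecutive sign-ins per user that exceed MAX_KMH."""
    flagged, last = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last.get(ev.user)
        last[ev.user] = ev
        if prev is None:
            continue
        km = km_between(prev, ev)
        hours = (ev.when - prev.when).total_seconds() / 3600
        if km < MIN_KM:
            continue  # same metro area: nothing for a velocity check to say
        speed = km / hours if hours > 0 else float("inf")
        if speed > MAX_KMH:
            flagged.append((prev, ev, speed))
    return flagged

# Constructed sample sign-ins: one legitimate, two candidate attacker sessions.
T = datetime(2023, 5, 1, 9, 0)
office = SignIn("alice", T, 47.61, -122.33, "office, Seattle")
far = SignIn("alice", T.replace(hour=10), 52.52, 13.40, "hosting provider, Berlin")
near = SignIn("alice", T.replace(hour=10), 47.25, -122.44, "residential proxy, Tacoma")

def labels(events):
    """Label pairs of the flagged sign-ins, for easy inspection."""
    return [(p.label, c.label) for p, c, _ in impossible_travel(events)]
```

The Seattle-to-Berlin pair is flagged, while the session from the nearby residential address produces no alert at all, so geo-velocity cannot be the only signal a defender relies on for account compromise.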
How Can You Protect Your Company From Business Email Compromise?
To keep yourself and your business secure, Microsoft suggests configuring your email system to flag mail from external parties, as well as educating staff on the telltale signs of phishing emails.
This is particularly crucial as threat actors change their tactics regularly. Furthermore, tools like ChatGPT – which can churn out cogent, mistake-free email copy in seconds – mean that standards of spelling and grammar hold less weight in 2023 than at any other time when deciding whether an email is genuine.
As we mentioned in the introduction, password managers can be a great way to ensure all your personal passwords are long and unique, but Microsoft suggests moving towards a passwordless verification system, to minimize credential usage.
The tech giant also recommends adopting a secure payment system so you’re not getting invoices emailed directly to your inbox. It might seem like a long checklist, but with email compromise attacks on the rise, it's better to be safe than sorry.