Expel Report Reveals Hackers Focusing On Business Email And Application Compromises

‘More than 50 percent of the incidents, we detect, it‘s not malware. It’s not I‘m trying to deploy a backdoor on your computer. It’s, ‘I just want your identity so I can use that identity to do something,’” Expel’s Jon Hencinski says.

Cybersecurity vendor Expel traded its monthly attack vector reports for quarterly reports to give customers a better scope of current dangers. The report also provides ways to stay guarded against cyberattacks.

In the first Expel quarterly threat report, the Herndon, Va.-based startup discovered hackers are targeting Microsoft Office 365.

“When these attackers are trying to break into these organizations, they’re not exploiting vulnerabilities in these applications. They’re taking advantage of features in these products to get an employee to open a document and execute malicious code and embedded macro or take advantage of a feature,” said Jon Hencinski, director of threat detection and response at Expel.

Within Microsoft Office 365, the report found more than half the incidents reported revolved around business email compromise (BEC).

“More than 50 percent of the incidents we detect, it’s not malware. It’s not, ‘I’m trying to deploy a backdoor on your computer.’ It’s: ‘I just want your identity so I can use that identity to do something.’

Nearly a quarter of Expel customers faced a BEC attempt at least once and 8 percent of customers were targeted more than three times also within Microsoft Office 365.

“Organizations are likely a very viable target, given the fact that there‘s so many payments that they’re processing every single day,” Hencinski said.

While security awareness training may help, Hencinski said it isn’t enough.

“If an attacker can get an employee to submit their username and password, they can add a third field and say, ‘Hey, what’s your multifactor authentication code as well.’ So while I think employee awareness training is worth thinking about I think the better investment is Fido, security keys for your employees and organizations.”

Hencinski continues saying, “Let‘s make these applications more secure by default so attackers can’t take advantage of those features for bad things to happen.”

Expel’s quarterly report also offers guidance to help customers, and clients stay resilient.

“What it‘s highlighting to me is that we’re now shifting, and we‘re seeing more of the aftereffects of moving to a more of a remote workforce. Everyone’s still making the shift and lift from on prem to cloud, and we‘re all in these hybrid environments. When you start moving to those hybrid environments, you have new attack vectors that are open,” said Ryan Benson, director of security operations services at Austin, Texas-based IT service management company Stratascale.