CIO Influence
CIO Influence News Security

New Research from Abnormal Security Shows the Rise of Business Email Compromise Attacks Sent from Israel

New Research from Abnormal Security Shows the Rise of Business Email Compromise Attacks Sent from Israel

Abnormal Security, the leading behavioral AI-based email security platform, announced a new threat report that reveals a number of business email compromise (BEC) attacks linked to a threat group based in Israel—a historically unlikely location for BEC threat actors. The report is based on Abnormal research surrounding more than 350 BEC campaigns from these attackers dating back to February 2021.

Most BEC attacks have historically originated in West Africa, with 74% of all attacks analyzed by Abnormal over the past year based in Nigeria. And while many BEC actors found in other countries are connected to Nigeria, there are no indications that the threat group examined in this report has any direct Nigerian ties—making it a notable outlier in the BEC threat landscape.

The research provides a view into how the Israel-based group executes an attack across two phases, each employing a different persona—one internal and one external. The primary pretext is that the organization is working through the confidential acquisition of another company, and the targeted employee is asked to help with the initial payment required for the merger.

CIO INFLUENCE: HTC Global Services and Azentio Software Confirm Strategic Partnership to Offer Next-Generation Digital BFSI Solutions

The attackers start by impersonating the targeted employee’s CEO before handing off the correspondence to a second external persona, typically a mergers and acquisitions attorney, whose job it is to coordinate the payment. In some campaigns, once the attack has reached this second stage, the group asks to transition the conversation from email to a voice call via WhatsApp, both to expedite the attack and to minimize the trail of evidence.

Key findings from the report include:

  • Targets are primarily large and multinational enterprises with more than $10 billion in average annual revenue. Across these targeted organizations, employees from 61 countries across six continents received emails.
  • The average amount requested in an attack by this group is $712,000, more than ten times the average BEC attack.
  • Most emails from this threat group are written in English, but they are also translated into Spanish, French, Italian, and Japanese.
  • The frequency of campaigns follows a cyclical pattern, with 80% of attacks occurring during three periods of the year: March, June-July, and October-December.

CIO INFLUENCE: Exascend Launches Industrial-Grade SD and MicroSD Cards to Meet Growing IoT Edge Storage Demand

“Ultimately, the motivation here is no different from any other BEC attack: to make money as quickly and as easily as possible,” said Mike Britton, chief information security officer at Abnormal. “What is interesting is that these attackers are based in Israel, which is not a country historically connected to cybercrime, and which has traditionally been a location where cybersecurity innovation is prevalent.”

The research shows how BEC is continuing to spread, and how attackers are employing more sophisticated, multi-phase attack tactics as they set their sights on massively larger sums of money than we’ve seen before. To prevent these attacks, enterprises will need an intelligent cloud email security solution that can precisely detect and block attacks before they reach email inboxes.

The Abnormal platform uses behavioral AI to baseline known-good behavior across employees, vendors, applications, and tenants in the email environment. By understanding what is normal, Abnormal can then detect anomalies and remediate malicious emails in seconds, before employees ever have an opportunity to engage with them. This risk-adaptive approach enables Abnormal to prevent emails sent from attackers like this Israel-based group and others, so organizations can stay safe from evolving email attacks.

CIO INFLUENCE: CSI Adds IT Governance to Advisory Services Offering as Cybersecurity, Regulatory Landscapes Grow in Complexity

[To share your insights with us, please write to]

Related posts

Castra Announces Partnership with Cribl to Enhance Data Visibility

PR Newswire

AppOmni Introduces the AppOmni Developer Platform to Provide Universal SaaS Security Across All Enterprise SaaS Applications

CIO Influence News Desk

Slalom and AWS Bring First Launch Center to Japan

CIO Influence News Desk