Spotlighting BEC Attacks in Europe: A Region At Risk

The data doesn’t lie: cybercriminals launch email attacks targeting every organization—regardless of size, industry, or location. However, while these threats are geographically agnostic and our research has revealed that the volume of nearly all attack types is continuously growing, not every region is targeted by the same attacks at the same rate.

We recently dug into attack trends over the past year, focusing on how the threat landscape differs between the US and Europe. Here’s what we discovered.

Between April 2023 and April 2024, the volume of phishing attacks targeting organizations in the US and European enterprises increased by 112.4% and 91.5%, respectively.

This matches the general attack trends Abnormal has observed in recent years, with phishing being a persistent threat that occurs at a consistently growing rate and that regularly accounts for the majority of advanced attacks. Phishing attacks are also the most common cybercrime tracked by the FBI Internet Crime Complaint Center (IC3), and between 2018 and 2023, the number of phishing incidents reported to the FBI IC3 surged by 11 times.

Although phishing falls squarely in the bottom third of all attack types tracked by the IC3 in terms of total losses, it’s frequently just the first step in a variety of crimes and is often used more as a way to gain a foothold rather than the end goal.

A successful credential phishing attack grants threat actors access to usernames and passwords that can be leveraged to compromise other accounts and launch additional, more damaging attacks. Phishing emails can also be a mechanism for deploying malware, which enables cybercriminals to steal or ransom data, disrupt operations, and execute espionage.

Business email compromise (BEC) represents one of the top cybersecurity threats to modern enterprises, with $2.9B lost in 2023 alone.

Because these emails are text-based, rely on social engineering rather than exploiting technical vulnerabilities, and rarely contain obvious indicators of compromise (such as malicious links or attachments) they are difficult for legacy security solutions to detect. This leaves employees—notoriously the weakest link in the cybersecurity chain—as the last line of defense.

BEC attacks targeting US enterprises rose by 72.2% year over year. While that’s certainly nothing to shake a stick at, organizations in Europe experienced a remarkable 123.8% increase in BEC attacks in April 2024 compared to April 2023. Several factors likely contributed to this spike.

Any surge in international crises and world events often engenders a corresponding growth in cyberattacks. Thus, the escalation of the conflicts between Russia and Ukraine as well as Israel and Palestine are presumably influencing the recent rise of business email compromise attacks—particularly those targeting European enterprises.

These events have not only created opportunities to manipulate recipients (for example, through charitable donations scams) but have also motivated threat groups to ramp up attacks on targets with whom the groups disagree politically.

Vendor email compromise (VEC) tends to occur at a lower rate than other threats like phishing for a few reasons. Primary among those is that cybercriminals will always choose the path of least resistance, and VEC, though lucrative, is a high-effort attack type.

That being said, it would seem some attackers have deemed the effort worth the reward, as the growth in VEC attacks targeting European organizations dwarfed the increase in those targeting enterprises in the US, 85.5% to 10.2%.

A possible contributing factor is the increasing adoption and utilization of the Single Euro Payments Area (SEPA), a payment integration initiative launched by the European banking and payments industry. While the goal of SEPA is to make cross-border euro payments as easy, efficient, and secure as domestic payments, its implementation could potentially lead to a spike in invoice and payment fraud attacks.

SEPA transactions require standardized formats for payment transactions, making it easier for attackers to create counterfeit invoices that resemble legitimate ones. Additionally, SEPA facilitates faster and less expensive cross-border transactions, leading to a rise in transaction volume—creating more opportunities for threat actors to engage in fraudulent activities.

Despite the differences in regional trends, one thing is clear: email attacks are only going to increase in volume. To complicate matters, the democratization of generative AI has enabled threat actors to craft malicious emails that are lightyears ahead of their predecessors with respect to sophistication and believability.

Attackers have cracked the code and recognize the most effective way to infiltrate an enterprise is by taking advantage of the human vulnerability. Thus, protecting your organization requires adopting a solution that stops malicious emails before they reach employee inboxes, eliminating opportunities for them to engage with attackers.

See for yourself how Abnormal AI provides comprehensive email protection against attacks that exploit human behavior. Schedule a demo today.