eCommerce News New Zealand logo
The latest digital commerce news for Kiwi businesses
Story image

Abnormal Security finds financial supply chain under threat

By Zach Thompson
Mon 27 Jun 2022

New research by Abnormal Security has found a rising trend in financial supply chain compromise as threat actors increasingly impersonate vendors.

The AI-based cloud-native email security platform’s research notes that in January, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations throughout the year.

Further, in May, external, third-party impersonation accounted for 52% of all BEC attacks seen by Abnormal Security, while internal impersonation fell to 48% of all attacks.

In contrast, internal impersonation made up 60% of all attacks this time last year, signalling a 30% year-over-year increase in third-party impersonation.

Abnormal Security says financial supply chain compromise is a subset of business email compromise, where cybercriminals exploit known or unknown third-party relationships to carry out sophisticated attacks.

It adds that they intend to use the legitimacy of the vendor name to fool an unsuspecting employee into paying a fraudulent invoice, changing billing account details or sharing insight into other customers to target.

Abnormal Security says these tactics are only becoming more of a threat, with one attack the company stopped requesting $2.1 million for a fake invoice.

The report examines four known types of financial supply chain compromise: Vendor email compromise, aging report theft, third-party reconnaissance and blind third-party impersonation, each with varying levels of sophistication.

While a vendor email compromise attack depends on the threat actor understanding business relationships and financial transaction schedules, a blind-third party attack only uses traditional engineering tactics to request payments using pretexts such as impending legal actions.

Abnormal Security’s research acknowledges that all four types of attacks have been successful but says that the ones using legitimate compromised accounts are challenging to detect and can have disastrous consequences for the organisations they target.

“While financial supply chain compromise is not new, the increase in using third-party impersonation tactics is worrisome,” Abnormal Security threat intelligence director Crane Hassold says.

“Our threat intelligence team has discovered increasingly sophisticated attacks that are nearly impossible for legacy systems or end users to detect, particularly because they come from real vendor accounts, hijack ongoing conversations, and reference legitimate transactions.”

According to the FBI, business email compromise has exposed enterprises to US$43 billion in losses over the past six years, and actual losses continue to grow year-over-year, making up 35% of all losses to cybercrime in 2021 alone.

Abnormal Security says this new trend is only one example of how modern email threats have become more sophisticated and how cybercriminals continue to evolve and pivot their strategies for greater success.

Because employees have become more aware of traditional BEC attacks that depend on executive impersonation, threat actors have successfully begun impersonating other entities, often affording them greater success.

“This shift to financial supply chain attacks is another important milestone in the evolution of threat actors from low-value, low-impact threats like spam to targeted high-value, high-impact attacks,” Hassold adds.

“And because they are successful, we expect that this external impersonation will continue to rise as a percentage of all attacks, ultimately dominating the BEC landscape for the foreseeable future.”

Abnormal says this change in attacker tactics is significant because it means the ultimate victims of financial supply chain attacks are not in control of the initial compromise.

This makes it more critical for companies to maintain a strong understanding of their supply chain.

Abnormal Security uses unique AI ​​to precisely baseline good behaviour across internal and external identities and communications to address these issues.

The proprietary VendorBase technology identifies all vendors in a customer’s ecosystem to understand individual risk levels, using a federated database across all Abnormal customers.

By identifying when a vendor may have a high risk of fraud, Abnormal Security knows when an email should be examined closer for malicious activity, effectively preventing all forms of financial supply chain compromise.

Related stories
Top stories
Story image
Environment
Lenovo launches CO2 Offset Service for SMBs across A/NZ
Lenovo has announced the rollout of a new, first-of-its-kind CO2 Offset Service for SMBs across Australia and New Zealand. 
Story image
Gartner Magic Quadrant
Spryker named Gartner Visionary in 2022 Magic Quadrant for Digital Commerce
Spyker has announced it has been recognised by Gartner as a Visionary in the 2022 Magic Quadrant for Digital Commerce.
Story image
Cyber resilience
NZ’s Cyber Resilience Framework to be evolving and potentially automated
The government's already putting $2.4 million into the Cyber Resilience Framework in its initial stages, what is it and why is it important?
Story image
Sustainability
CDC hyperscale data centres now open in New Zealand
CDC Data Centres (CDC) says two new, state-of-the-art hyperscale data centres are now open for business in Auckland.
Story image
Sustainability
NZ program recovers and recycles more than 177 tonnes of e-waste
The TechCollect NZ pilot program says its milestone of recovering and recycling more than 177 tonnes of ICT e-waste recognises the efforts of many.
Story image
Customer
OfficeMax NZ sees significant growth through Seismic partnership
OfficeMax New Zealand has announced it has seen a significant increase in customer and sales confidence as a result of Seismic’s digital enablement software.
Story image
Sales
BNZ launches first tap-on-phone point of sale app in NZ
Bank of New Zealand has launched BNZ Pay, an innovative mobile app for retailers that transforms an Android device into a contactless payment terminal. 
Story image
Apps
Freshworks integrates with Google's Business Messages
"The integration with Freshworks makes it fast and easy for businesses to have conversations with their customers within the Google apps."
Story image
Cloud
Sitecore caters to modern marketing teams with CMS cloud launch
"Sitecore's move towards a composable SaaS offering for creating and delivering digital experiences is in line with what marketing teams are looking for.”
Story image
Revenue
Cisco NZ revenue declines by over $18.5 million - report
Cisco NZ has released its latest financial report, showing the company's total revenue has declined by more than $18.5 million year-over-year.
Story image
SaaS
OpenText launches new solutions on Salesforce AppExchange
Included in this latest launch is OpenText Core Content, a Content Services platform that customers can leverage to effectively manage their content.
Story image
Customer
Airwallex launches an online payments app on Shopify
Airwallex has launched an online payments app on Shopify, allowing merchants to integrate a gateway plugin on their online store to accept payments from their global customers.
Story image
Cloud
Microsoft and Auckland Transport announce new cloud agreement
Auckland Transport (AT) and Microsoft have announced a new cloud agreement aimed at promoting innovation, reducing costs and improving sustainability in transport services.
Story image
Financials
Google NZ numbers show strong comprehensive profit increase
The latest financial report from Google New Zealand Limited has revealed an increase in total comprehensive profit of over $NZD 7 million.
Story image
Facial recognition
Māori data specialists not consulted on facial recognition technology - data sovereignty expert
Māori data specialists are accusing the government of ignoring them while going ahead and expanding the reach of facial recognition technology.
Story image
Artificial Intelligence
Oracle unveils AI-powered application to automate sales
Oracle has unveiled the next generation of Fusion Sales, an application that automates sales and identifies the opportunities worth pursuing.
Story image
Social Media
ActiveCampaign reveals consumers seek trusthworthy content
Consumers will engage with new brands across all channels, including online, in-store and social media, as long as the content is relevant and trustworthy.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Forrester
SAS is a leader in anti-money laundering - Forrester
The latest Forrester report revealed that SAS received the highest score in the anti-money laundering category of 15 vendors.
Story image
Sustainability
Visa launches Eco Benefits solutions in Australia and NZ
Eco Benefits is a suite of sustainability-focused solutions that will help Visa cardholders better understand the environmental impact of their payments.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
KICKS CREW
KICKS CREW selects Forter to help scale global eCommerce operations
KICKS CREW has selected Forter to help scale its global digital commerce operations.
Story image
Phishing
Akamai research finds PayPal security measures utilised in new phishing scam
New research from Akamai has found that a new threat actor is parasitising benign WordPress sites to execute an extensive PayPal phishing scam.
Story image
Commerce Commission
The NZ TCF endorses move by ComCom to promote TDR dispute scheme
The New Zealand Telecommunications Forum has welcomed the move by the Commerce Commission to further promote customers' access to the Telecommunications Dispute Resolution Scheme (TDR).
Story image
Customer experience
BillingPlatform introduces new enhancements to revenue management services
Some of the new developments include hosted payment pages, and new and updated connectors to Salesforce, NetSuite, OneSource, Avalara and other enterprise systems.
Story image
Artificial Intelligence
Cyara rolls out comprehensive, automated chatbot feature
Cyara has unveiled new chatbot testing features with the latest release of Cyara Botium, creating a solution for comprehensive, automated chatbot testing and assurance.
Story image
Revenue
IBM NZ sees significant revenue increase in latest report
IBM NZ has posted revenue of $172,449,000 for the financial year, according to its latest report, a year-over-year increase of over $47.5 million compared to $124,904,000 in 2020.
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
Google Cloud
Google Cloud to open first cloud region in NZ - among others
Google Cloud has announced plans to bring three new cloud regions, one each in New Zealand, Malaysia and Thailand.
Story image
Payments
Tranxactor Group to build customer loyalty with Oracle
Tranxactor has chosen Oracle Cloud Infrastructure (OCI) with Enterprise Database Service to allow it to provide brands with immersive customer engagement and loyalty programs.
Story image
Firewall
Why printing security plays a vital part in keeping Aotearoa safe
While internet printing, mobile printing and other similar technologies have no doubt made things easier to manage, it has also brought a whole new set of problems to the table.
Story image
Customer experience
Exclusive: How Accenture is changing the customer experience game
Creating highly personalised real-world customer experiences using API, near-field communication, and spatial technology is about taking a traditional experience and elevating the customer journey into a digital world.
Story image
Economics
9 in 10 retailers prepared for economic challenges this year
Some 9 in 10 retailers (86%) are prepared for continued inflation, higher interest rates and potentially lower consumer spending, according to new research.
Story image
Internet
InternetNZ appoints new chief executive. Will take over in October
InternetNZ has announced the appointment of its new chief executive, with Vivien Maidaborn taking over the role from interim chief Andrew Cushen in October.
Story image
ShopBack
Forter and ShopBack enhance partnership to further prevent fraud
Forter and ShopBack have enhanced their partnership with the addition of better eCommerce security solutions for customers.
Story image
Planning
Digital key for smart investment in public infrastructure for NZ cities
Major public infrastructure projects can better manage risks of cost overruns and delays if they deploy data and digital tools at the earliest planning stages.
Story image
Cybersecurity
eCommerce fraud increasing pressure on businesses margins
It is vital for businesses to maximise the value of every dollar by turning away as many fraudulent actors as possible without blocking good customers."
Story image
Microsoft
Infobip’s SMS and WhatsApp services are now available through Microsoft
Infobip has integrated its WhatsApp and SMS channels through Microsoft Dynamics 365 Sales and Microsoft Dynamics 365 Marketing.
Story image
eCommerce
Marketplacer and Intelligent Reach to help retailers sell online
Intelligent Reach can now support Marketplacer marketplaces that want to sell their products through other places, such as Google and Facebook, eBay and Amazon.
Story image
Financial results
Facebook NZ financial report reveals notable revenue increase
Revenue from contracts with customers increased by NZD$1,089,292 compared to 2020's figures.