Business email attacks grew in the second quarter, and firms using Microsoft 365 are the hardest hit, according to a study by insurer Beazley.
Beazley tracked 184 attacks in the second quarter through its Beazley Breach Response (BBR) Services, compared with 89 in the same period last year. Email compromise schemes accounted for 23% of the incidents.
Of the data breaches reported by Beazley, 39% were malware attacks and 22% were accidental disclosures. Malware incidents were down 3% from the first quarter, while email compromises increased.
Such incursions can cost a company over $2 million, Beazley claims.
“Business email compromise attacks are among the more expensive data breaches we see,” states Katherine Keefe, head of BBR Services. “Years of emails often need to be combed through to identify personally identifiable information or protected health information that has been compromised. In the majority of cases, multiple inboxes are compromised.”
Sophisticated attackers can exploit PowerShell to log in to Office 365 for more extensive reconnaissance, and can search every inbox in a company, says Mandiant’s Dasha Tarassenko.
In the higher education sector, malware episodes fell by 4% from the first quarter to comprise 43%, Beazley reports.
The financial services field saw a decrease in malware reports, which now comprise 49% of all incidents, down from 55% in the first quarter.
In healthcare, accidental disclosure made up 38% of the breaches, vs. 29% in the first quarter, and malware 26%. In one episode, a healthcare provider was hit with legal fees, forensic costs, programmatic review and manual review of 350,000 documents, totaling almost $800,000. In addition, there were call center and credit monitoring costs amounting to $150,000.
“Phishing emails coming out of the compromised accounts are becoming more targeted and impressively crafted than ever before,” states Tarassenko, according to Beazley. “They’re not just sending thousands of spam emails.”
Tarassenko adds: “They’re doing reconnaissance within the compromised inbox and then tailoring the next phishing email to the recipient.”