IT Security Thing attended RSAC 2016 and met up with Joseph Opacki from PhishLabs, and learned about the BEC threat.
Opacki, formerly Senior Director of Global Research at iSIGHT Partners and Technical Director of Advanced Digital Forensics in the Operational Technology Division of the FBI (specialising in malware reverse engineering), talked about the recently published ‘Phishing Trends & Intelligence Report: Hacking the Human.’ The PhishLabs analysis determines that spear phishing remains the primary initial attack vector used by APT actors, although some 22 per cent of attacks analysed during 2015 were reported as being motivated by financial fraud or related crimes. Yet while financial institutions and payment services remained the most highly targeted organisations, when looked at in terms of overall phishing volume share there was a decline across the year. Not so the number of organisations being targeted with Business Email Compromise (BEC) attacks, for which the PhishLabs analysis noted the largest increase during 2015.
