Cyberattackers Turn To Payments Fraud, Ransomware As Tech Firms Fight Back

As businesses fall victim to cyberattacks, new data is rolling out to show the prevalence of these incidents — and the scope of efforts by tech firms to help keep businesses safe. In this week’s B2B Data Digest, PYMNTS examines some of these numbers, finding that businesses are falling victim to payments fraud, but that tech firms are taking actions to mitigate cyber risks. 

81 percent is the share of business owners who experienced payments fraud in 2019, according to a JPMorgan Chase announcement citing a recent poll by the Association for Financial Professionals (AFP) and J.P. Morgan. The financial institution (FI) has rolled out Fraud Protection Services, a new digital center with bolstered fraud protection offerings that help small and mid-sized customers safeguard their companies and securely supervise money. Companies can sign up and find the FI’s fraud tools via a dashboard that helps them use security features like bolstered check monitoring and protection.

40 percent is the portion of business email breaches that happened on websites used for personal purposes, according to a new study cited by IT Brief, which indicates that staff use of company emails for personal purposes is making companies vulnerable. NordVPN Teams researchers looked at worldwide breach activity and examined more than 1.7 million breaches. Employees broadly use business emails for personal purposes on media and entertainment platforms in Europe and the U.S. Education and technology are the sectors most impacted by data incidents.

$749,000 was the value of merchandise allegedly netted by fraudsters who tricked businesses by purporting to be local institutions of higher education and government organizations, The Straits Times reported. The companies received emails that appeared to be from a standard procurement address or from a person who indicated that he or she was the chief procurement officer. Those communications asked for the prices of electronics, healthcare technologies and information technology-related products. Once a deal was struck, a bogus purchase order (PO) was delivered to the firm, and payment did not take place. Authorities had received at least 11 reports of so-called PO schemes as of August.

13 billion is the minimum number of “malicious and suspicious mails” that Microsoft blocked last year, according to a blog post from the tech company. Microsoft said that ransomware was the most common reason for its “incident response engagements” from October of last year to July of this year. Moreover, the company said that IoT threats keep growing and changing. The first half of this year saw a 35 percent rise in overall attack volume compared with the latter half of last year. Furthermore, the company said the most common attack techniques that nation-state actors used in the past year were credential harvesting, reconnaissance, virtual private network (VPN) exploits and malware.

140 is the minimum number of victim entities that the Sodinokibi ransomware strain has claimed since it surfaced in April of last year, ZDNet reported. Over one-third of the strain’s victims are estimated to have made a ransom payment. In addition, more than one in 10, or 12 percent, of victims had sensitive information sold at auction on the dark web. Prices for information in those auctions range from $5,000 to in excess of $20 million. Furthermore, Sodinokibi attacks account for one-third of the ransomware incidents that IBM Security X-Force has responded to so far this year.