Two-Fifths of Firms Have Suffered "BPC" Attacks

Over two-fifths of organizations have fallen victim to a so-called Business Process Compromise (BPC) attack, despite widespread ignorance from senior execs about the threat, according to Trend Micro. The security giant polled over 1100 IT decision makers responsible for security across the UK, US, Germany, Spain, Italy, Sweden, Finland, France, Netherlands, Poland, Belgium and the Czech Republic. It found that 43% had been impacted by a BPC: a type of highly targeted attack in which hackers look to manipulate an organization’s unique business processes to their own ends. They typically involve an initial compromise followed by plenty of lateral movement inside the victim organization to conduct reconnaissance on security gaps and internal processes. Perhaps the most famous case of a BPC to date was the attack on Bangladesh Bank where hackers installed multiple layers of malware into the bank’s IT systems to exploit the communications process between the bank and SWIFT. A total of $81m was lost, although the figure could have been much higher if an eagle-eyed employee had not spotted a spelling error on a transfer.