The Söze Syndicate: Identifying a Major Threat Group and Exposing its Evolving Tactics Targeting SMBs

Business Email Compromise (BEC) is evolving into a severe cyber threat, especially for small and medium-sized businesses. As traditional endpoint security becomes more robust, attackers are shifting focus toward exploiting human errors, trust, and communication channels. These attacks frequently bypass multi-factor authentication (MFA) and involve tactics like credential theft, adversary-in-the-middle (AiTM) attacks, and session hijacking. Identity Threat Detection and Response (ITDR) remains underutilized, leaving organizations vulnerable.


The security operations center (SOC) team at Todyl, a cybersecurity solution vendor, observed a 558% increase in AiTM, account takeover, and BEC attacks in 2024. A specific investigation into Microsoft 365 revealed a pattern of suspicious logins tied to a large identity attack infrastructure built from cloned servers. Because these servers sit behind trusted proxies such as Cloudflare, the attackers, who targeted a range of industries using manual, low-profile tactics, were difficult to track. Todyl’s SOC team’s proactive threat hunting revealed a sophisticated, well-funded group capable of managing thousands of hosts across multiple regions, which it identified as The Söze Syndicate. The group’s infrastructure is highly active, and its activity has accelerated over the last 3 months. At its peak, approximately 65% of all attempted BEC cases investigated by Todyl’s SOC team came from this group.

Key Tactics, Techniques, and Procedures (TTPs) linked to The Söze Syndicate include AiTM, SharePoint phishing, and rogue application installations. These attacks targeted businesses of all sizes and industries, aiming to gain access to financial data or disrupt operations.

The threat research underscores the need for enhanced security measures, such as ITDR, optimized SIEM configurations, Secure Access Service Edge (SASE) solutions, and enforced MFA. Even with advanced detection systems in place, threat actors continuously refine their techniques, so real-time detection and response are essential for mitigating BEC threats.

Powersolution is a preferred Todyl partner and uses Todyl’s modular cybersecurity solution across our customer base. Most of our clients have solutions in place, including our Secure Global Network (SGN), that help mitigate attacks such as the ones outlined in this article.
