The Rising Threat of Launchpad Attacks

Human failure is the weakest link in many, if not most, security systems. As a result, criminals are increasingly relying on social engineering as a way to circumvent security controls. To improve their yield, criminals constantly experiment with methods aimed at making their attacks harder to detect—both to security systems and to the end users behind them. Naturally, an attack that successfully evades detection by both human and machine has the potential to make criminals very wealthy. Therefore, once discovered and successfully tested, such attacks exhibit dramatic growth and are commonly copied and tweaked by other criminals spotting an opportunity when they see it. What we term the launchpad attack is the newest example of such an attack. This attack is also commonly referred to as a business email compromise (BEC) that uses account takeover. Although it was virtually unheard of just a few years ago, 44% of organizations have now experienced this type of attack according to a recent industry report.¹