In the third quarter of 2023, Business Email Compromise (BEC) attacks experienced a significant increase, marking a concerning trend, as reported by cybersecurity platform Huntress in its inaugural threat report. More than half of the attacks during this period were malware-free, indicating hackers exploited legitimate tools rather than using malicious software. The report highlighted that 64% of identity-focused incidents in Q3 involved malicious forwarding or other malicious inbox rules, a key indicator of BEC, while 24% involved logons from unusual or suspicious locations. To combat these threats, Huntress introduced managed detection and response (MDR) for Microsoft 365 capabilities in its SMB platform, providing enhanced protection against BEC and account takeover attacks. The study found that 56% of incidents were malware-free, 65% involved credential harvesting, 25% used built-in tools, and 60% were from lesser-known ransomware strains in SMB.