Intelligent Tech Channels Issue 34 | Page 65

FINAL WORD
Business Email Compromise (BEC) attacks have been dubbed one of cybersecurity's most expensive threats.
Let's talk email risks – how much of a problem are BEC and EAC attacks?
Today's threat landscape is fundamentally characterised by social engineering. We've seen an almost 100% shift to criminals targeting individuals, socially engineering people to do something, whether that's clicking on a link, downloading an attachment or enabling macros to install malware, or just sending a simple text email pretending to be someone in a position of authority and getting people to wire money or send data directly to the criminals.
In 2019, AIG, a cyber insurance company, stated that BEC overtook ransomware in terms of cyber insurance claims across the EMEA region, while in the US, the FBI stated that between June 2016 and July 2019, there were losses of more than US$26 billion to BEC and Email Attack Compromise (EAC) attacks.
Can you talk us through what these types of attacks entail?
BEC attacks are pure social engineering – there's nothing to sandbox, no payload to analyse, no URL to click through. Typically, it's an email that is pure text, coming from someone that we trust, either an executive or a supplier or someone we've done business with before. And it's fundamentally trying to trick someone into sending money or data. We see five key examples of BEC attacks:
1) Gift carding. In this scenario, a criminal poses as an executive or supervisor with authority requesting assistance to purchase a gift card for staff or clients. The executive asks for the serial numbers so they can email them out right away, and they are delivered straight to the criminal.
2) Payroll re-direct. Criminals pretend to be executives and send an email to the HR department requesting to change or update direct deposit information from a legitimate employee bank account to the fraudster's account or a pre-paid card account. The future salary will be paid directly into the criminal's bank account.
3) Supplier invoicing. Here, criminals impersonate a legitimate vendor your company regularly does business with and send an invoice. They claim to have new bank details which future invoices should be paid into. But again, that money is being sent directly to the cybercriminal.
4) Mergers and acquisitions. Someone, typically junior in finance, receives an email from the CEO or the CFO stating there is an urgent acquisition and that the money is needed immediately so the acquisition can be closed.
5) Shipping re-directs. Criminals send a phishing email to somebody within the organisation claiming to be a supplier whose shipping address has changed. But instead of sending it to your business partner or your customer, this results in goods being sent directly to the criminals, only to then be sold on the Dark Web.
I think it's important to analyse these various techniques because, when we're looking at the solution, the technique that the criminals are using will dictate the controls that we implement to ultimately identify and block these threats.
What are the key differences between BEC and EAC attacks?
Business Email Compromise refers to a scam that targets specific people in the organisation to ultimately steal money or data, with the criminals using the technique of spoofing to pretend to be an executive or supplier.
Email Account Compromise is highly sophisticated, where the attacker uses various techniques to ultimately get legitimate access to the email accounts. They steal credentials by guessing a password or by sending a phishing email with a link that, when the employee clicks on it, asks them to fill in their username and password, which are then sent directly to the criminal.
In the case of EAC, there are almost always two victims – the person whose email account got compromised and the other person who falls for the fraudulent request from the compromised email account.
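The distinction drawn in the two answers above has a practical consequence for controls: a spoofed sender (BEC) leaves traces in the message headers, while a compromised legitimate account (EAC) does not, so header checks alone pass and the request itself has to be verified out of band. The following is an added example written for this page, not code from the interviewee or from any product mentioned here. The organisation domain `example.com`, the executive roster, the payment phrases and the three messages are all constructed assumptions; the lookalike-domain test uses a one-character edit distance, which is one common heuristic and not something the interview prescribes.

```python
"""Header-based triage that separates sender spoofing (BEC) from a request
sent from a legitimate account (EAC).  Added example; every domain, name
and message below is constructed for illustration."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                          # assumed organisation domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumed executive roster
PAYMENT_PHRASES = ("new bank details", "direct deposit", "wire", "gift card")


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(raw: str) -> dict:
    """Return header/content findings and a verdict for one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload().lower()
    findings = []

    # BEC signals live in the headers: the sender is not who the name claims.
    known = EXECUTIVES.get(name.lower())
    if known and addr.lower() != known:
        findings.append("display-name spoof")
    from_dom = domain_of(addr)
    if from_dom != ORG_DOMAIN and edit_distance(from_dom, ORG_DOMAIN) <= 1:
        findings.append("lookalike domain")
    if reply and domain_of(reply) != from_dom:
        findings.append("reply-to redirect")

    # The request itself is the only signal left when the account is genuine.
    if any(phrase in body for phrase in PAYMENT_PHRASES):
        findings.append("payment-change request")

    header_flags = [f for f in findings if f != "payment-change request"]
    if header_flags:
        verdict = "BEC: spoofed sender"
    elif "payment-change request" in findings:
        verdict = "possible EAC: verify out of band"   # headers are clean
    else:
        verdict = "clean"
    return {"findings": findings, "verdict": verdict}


# Constructed sample messages (not real traffic).
MSG_SPOOF = """\
From: "Jane Doe" <jane.doe@webmail.example.net>
Reply-To: <jd.office@reply.example.org>
To: finance@example.com
Subject: Urgent - gift cards for clients

Please buy five gift cards and send me the serial numbers right away.
"""

MSG_LOOKALIKE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
To: finance@example.com
Subject: Confidential acquisition

We need to wire the acquisition deposit today so the deal can close.
"""

MSG_EAC = """\
From: "Jane Doe" <jane.doe@example.com>
To: hr@example.com
Subject: Payroll update

HR, please update my direct deposit to the account below before Friday.
"""

if __name__ == "__main__":
    for label, raw in (("spoof", MSG_SPOOF), ("lookalike", MSG_LOOKALIKE), ("eac", MSG_EAC)):
        print(label, classify(raw))
```

The third message is the point of the exercise: with the executive's genuine address and no Reply-To, every header check passes, and the only thing left to act on is that a payroll change arrived by email, which is exactly why the interviewee says a compromised account produces two victims and why the control for EAC is a process check rather than a mail filter.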
What impact has the shift to remote working had on the frequency of these types of attacks?
It's a lot harder for employees to physically check with their colleagues whether they really did send an 'urgent' or 'confidential' email, and with a large proportion of the workforce working from home, or working flexibly, this is causing disruption in business processes.
In addition, with the reliance on cloud systems, for example, and new ways of working, you find that people are much more likely to react, because we're in a heightened state of emotion. People are much more likely to click and engage with a threat before following internal processes.
Proofpoint research data shows that, since March 2020, more than 7,000 CEOs or executives have been impersonated, with the average number of CEO impersonation attacks now at 102.
Since the start of the pandemic, Proofpoint has blocked half a million Business Email Compromise attacks.