The Growing Threat of Business Email Compromise
A Persistent Problem
Business email compromise (BEC) has become an increasingly prevalent and costly threat in recent years. According to the FBI, there were over 21,000 complaints about BEC in 2020, resulting in adjusted losses exceeding $2.7 billion. These attacks show no signs of slowing down, as cybercriminals continue to refine their techniques and exploit vulnerabilities within organizations.
BEC attacks rely on a combination of technology and social engineering. Threat actors use sophisticated tactics to gain the trust of their targets, often by crafting emails that appear legitimate and convincing. These emails frequently contain links that download malware, direct users to spoofed websites, or encourage financial transactions. Beyond harvesting valuable data such as employee records and payroll information, BEC actors seek to persuade individuals to fulfill requests for payment or fund transfers.
The Rise of Cybercrime-as-a-Service
One factor contributing to the growth of BEC is the accessibility of cybercrime-as-a-service (CaaS) providers. These platforms offer tools and services that simplify the creation and deployment of BEC campaigns. Phishing-as-a-service providers, for example, enable threat actors to produce authentic-looking BEC emails without requiring advanced technical skills. Criminal platforms like BulletProftLink go further, selling templates, automated services, and even hosting platforms, making it easier for any criminal organization to enter the world of BEC.
Localization and Evasion
A recent trend in BEC attacks is threat actors acquiring residential IP addresses from residential IP (proxy) services. By sending from address space local to the victim, BEC attackers can obscure the true origin of their emails and bypass detection mechanisms. This practice also helps them evade "impossible travel" alerts, which flag suspicious activity when actions are performed from two locations without enough elapsed time to physically travel between them. The use of residential IP addresses allows BEC attackers to minimize their footprint and conduct further attacks undetected.
Mitigating the Risk of Business Email Compromise
Six Key Steps for Security Teams
To combat the growing threat of BEC, security teams must take proactive measures. Here are six key steps that can be taken to mitigate the risk:
1. Inbox Protection
Configure mail systems to flag messages from outside the enterprise and enable alerts about unverified senders. Additionally, block senders who cannot be independently identified. These measures help identify suspicious emails and reduce the likelihood of falling victim to BEC.
2. Strong Authentication
Enabling multifactor authentication makes it significantly more difficult for attackers to compromise user email accounts. By adding an additional layer of security, organizations can enhance their defense against BEC.
3. Secure Email
Cloud platforms that utilize artificial intelligence and machine learning can provide enhanced protection against BEC attacks. These platforms offer continual updates and centralized management of security policies, ensuring organizations stay ahead of evolving threats.
4. Identity and Access Management
Implementing zero trust principles and automated identity governance helps control access to an organization’s applications and data. By verifying and monitoring user identities, organizations can minimize the risk of unauthorized access and subsequent BEC incidents.
5. Secure Payments
Replacing emailed invoices with a system that authenticates payments and providers is crucial in preventing BEC attacks. By implementing secure payment processes, organizations reduce the chances of falling victim to fraudulent requests for funds transfers.
6. Education and Empowerment
Regularly training employees about the risks and techniques used in BEC attacks is essential. Organizations should emphasize the importance of verifying payment requests through means other than clicking on links in email messages, such as making a phone call. By fostering a culture of skepticism and vigilance, organizations can empower their employees to prevent BEC scams.
Policy and Governance
Policy and governance play a crucial role in preventing BEC. Organizations should adopt security-by-default policies, such as publishing a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy of "reject," which instructs receiving mail servers to reject messages that fail authentication for the organization's domain. It is also important to update policies related to accounting, internal controls, payroll, and HR to provide clear guidance on how to handle inbound requests for access, money, or personal information.
The Role of the Whole Organization
Thwarting BEC threats requires a collaborative effort from the entire organization. From the C-suite to IT, compliance, risk management teams, and every business unit, awareness and understanding of BEC risks must be prioritized. By combining policy, technology, and ongoing vigilance, organizations can mount a strong defense against BEC attacks and reduce their chances of falling victim to this costly form of cybercrime.
In Conclusion
The growing prevalence and sophistication of BEC attacks pose significant risks to organizations. As cybercriminals continue to refine their techniques and exploit vulnerabilities, it is crucial for security teams to stay ahead of these evolving threats. Through a combination of technology, policy, and a culture of awareness, organizations can mitigate the risk of BEC and protect themselves against the potentially devastating financial and reputational consequences of falling victim to this form of cybercrime.