Money is one of the strongest motivators for cyber thieves around the world. While the focus has been on financial fraud and ransomware attacks globally, the number of phishing attacks doubled in 2021 year over year, according to the “Phishing Activity Trends Report” from the APWG.[1] Business Email Compromise (BEC) is a type of spear phishing attack that uses targeted emails to trick victims into handing over critical company information, granting access to secret data, or making payments to scammers posing as vendors or other well-known entities. These attacks are distinct from random phishing emails: scammers typically conduct research so that emails can be tailored, directed to specific people, well-articulated, and self-explanatory, so that they appear legitimate.
Emails usually arrive from impersonated email IDs and domains that mimic the most familiar and trusted sources, such as a colleague, a supplier or partner to whom frequent payments are made, or a C-suite manager. Cybercriminals generate similar email IDs and display names, and attach fake invoices and instructions built from logos and company details found online. They frequently use typosquatting, such as replacing “m” with “rn” or rearranging characters in email IDs or links. To show a false sender identity or address, cybercriminals frequently use Mailsploit-style techniques, that is, email spoofing and code injection vulnerabilities in mail clients. They also aim to generate pressure by including urgent information such as payment deadlines, fines, etc.
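The lookalike tricks described above (the “rn” for “m” substitution, rearranged characters, a display name that claims a trusted identity while the address points elsewhere) can be caught mechanically before a human has to judge the message. The following is an added example written for this article, not code from the author or from any product mentioned here; the trusted-domain list, the sample headers and the distance threshold of 2 are assumptions constructed for the demonstration.

```python
import unicodedata
from email.utils import parseaddr

# Domains the organisation legitimately receives invoices and payment
# instructions from (constructed sample list for this example).
TRUSTED_DOMAINS = {"example.com", "acme-supplier.com"}

# Character sequences that look alike in common fonts. "rn" for "m" is the
# substitution mentioned in the article; the rest are other well-known ones.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def fold(domain: str) -> str:
    """Lower-case, drop accents and non-ASCII, and collapse confusable sequences."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = d.encode("ascii", "ignore").decode()
    for lookalike, real in CONFUSABLES:
        d = d.replace(lookalike, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, implemented inline to avoid a dependency."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def classify_sender(from_header: str, reply_to: str = "") -> dict:
    """Classify one message by its From (and optional Reply-To) header.

    Verdicts: "trusted"    - address is on an allow-listed domain
              "lookalike"  - domain or display name imitates a trusted domain
              "suspicious" - trusted From, but Reply-To points elsewhere
              "external"   - ordinary outside sender
    """
    display_name, address = parseaddr(from_header)
    domain = domain_of(address)
    reasons = []
    verdict = "trusted" if domain in TRUSTED_DOMAINS else "external"

    if verdict == "external":
        if any(ord(c) > 127 for c in domain):
            reasons.append("non-ASCII characters in sender domain (possible homoglyph)")
        folded = fold(domain)
        for trusted in TRUSTED_DOMAINS:
            if folded == trusted or edit_distance(folded, trusted) <= 2:
                reasons.append(f"domain {domain!r} resembles trusted domain {trusted!r}")
                verdict = "lookalike"
        # e.g. From: "cfo@example.com" <random@freemail.test>
        if any(t in display_name.lower() for t in TRUSTED_DOMAINS):
            reasons.append("display name mentions a trusted domain but the address does not")
            verdict = "lookalike"

    if reply_to:
        reply_domain = domain_of(parseaddr(reply_to)[1])
        if reply_domain != domain:
            reasons.append(f"Reply-To domain {reply_domain!r} differs from From domain {domain!r}")
            if verdict == "trusted":
                verdict = "suspicious"

    return {"address": address, "domain": domain, "verdict": verdict, "reasons": reasons}


# Constructed sample headers (not real mail) exercising each verdict.
SAMPLE_MESSAGES = [
    ("Accounts Payable <ap@example.com>", ""),
    ('"Priya, Acme Supplier" <billing@acrne-supplier.com>', ""),
    ("CFO <ceo@exarnple.com>", "finance.urgent@freemail.test"),
    ("Accounts Payable <ap@example.com>", "ap-payments@freemail.test"),
    ("Vendor News <news@vendor.test>", ""),
]

if __name__ == "__main__":
    for from_header, reply_to in SAMPLE_MESSAGES:
        result = classify_sender(from_header, reply_to)
        print(f"{result['verdict']:<10} {result['address']:<35} {'; '.join(result['reasons'])}")
```

The folding step is deliberately biased toward recall: a legitimate outside domain that happens to sit within two edits of a trusted one will be flagged as a lookalike, which is the right trade-off for a finance mailbox where a human then verifies the sender through a known phone number rather than by replying to the mail.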
The finance and accounts payable departments have been the most targeted over the years, with requests to quickly deposit money into another account or to change payment instructions for future payments, citing some urgency or an undiscovered mistake, among other pretexts. These attacks are increasingly sophisticated. As remote work has grown in recent years, there have been reports of fake emails claiming to be from employees and requesting changes to payroll information or salary credit accounts, or financial contributions for a social cause or for employee birthdays. Other departments, such as HR and IT, are increasingly targeted in an attempt to trick employees into providing their credentials or other sensitive and personal data. After gaining access to credentials, attackers can use them in various ways, including setting up automatic forwarding, email hijacking (taking full control of an email account), installing keyloggers, account takeovers, malware installation, data exfiltration, etc.
Although BEC can lead to financial loss, it can also negatively impact trust and relationships between parties. In addition to immediate cash losses, attacks can have long-term consequences if data is exfiltrated, leading to privacy and security breaches. Exfiltrated data could be used by attackers to launch ransomware attacks or to sell or auction trade secrets and intellectual property (IP). From a cybersecurity perspective, such attacks could compromise the CIA triad (confidentiality, integrity, and availability), impacting brand, customer trust, availability, and compliance status.
To deal with this threat, a holistic approach to cybersecurity is needed that addresses people, process and technology. Regular security awareness training for employees should cover, among other things, common and newer techniques used by cybercriminals, spotting indicators of compromise, avoiding clicking on unknown links, and verifying the legitimacy of e-mails and documents received by e-mail. Since regular awareness training sometimes becomes uninteresting over time, some form of gamification or reward program can be introduced to encourage active employee participation. Identifying critical business functions such as accounts payable and IT, and documenting the processes around them, including a mature change management process with authorization, periodic monitoring, reconciliations and audits, helps prevent such fraud. As technology touches more and more aspects of business, organizations need to understand the need to invest in the right and optimal technology. There are solutions available for email and content filtering, sandboxing, security, archiving, and continuity services. Implementing Sender Policy Framework (SPF)[2], DomainKeys Identified Mail (DKIM)[3], Domain-based Message Authentication, Reporting and Conformance (DMARC)[4], Multi-Factor Authentication (MFA), reputable password managers, Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions, and Endpoint Detection and Response (EDR) are among the security solutions that can help prevent or detect such attacks.
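SPF and DMARC only stop domain spoofing when the published DNS records actually enforce something; a record that exists but says `p=none` or ends in `?all` gives a false sense of coverage. The following added example (written for this article, not the author's or any vendor's tool) parses the two record types offline and reports the weak settings next to a hardened pair. The record strings, the `mailhost.test` include and the report address are constructed assumptions; a real check would fetch the TXT records for the domain and for `_dmarc.<domain>` and feed them to the same functions.

```python
import re

# Constructed DNS TXT records for a hypothetical domain: SPF is published at
# the domain apex, DMARC at _dmarc.<domain>. "weak" and "hardened" pairs.
WEAK_SPF = "v=spf1 a mx include:_spf.mailhost.test ?all"
WEAK_DMARC = "v=DMARC1; p=none"

HARDENED_SPF = "v=spf1 include:_spf.mailhost.test -all"
HARDENED_DMARC = ("v=DMARC1; p=reject; sp=reject; pct=100; "
                  "rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s")

# SPF terms that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return a list of weaknesses; an empty list means the record enforces."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (first tag must be v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: failing mail is only reported, never quarantined or rejected")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or unknown p= policy")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not being collected")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains can be spoofed regardless of p=")
    return findings


def assess_spf(record: str) -> list:
    """Return a list of weaknesses in an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings = []
    last = terms[-1].lower()
    if last in ("all", "+all"):
        findings.append("+all: every host on the internet is authorised to send as this domain")
    elif last == "?all":
        findings.append("?all: neutral result, receivers treat it as no policy")
    elif last == "~all":
        findings.append("~all: softfail is often delivered anyway; use -all once DMARC is at p=reject")
    elif last != "-all" and not last.startswith("redirect="):
        findings.append("record does not end with an 'all' mechanism")
    lookups = 0
    for term in terms[1:]:
        # strip the qualifier (+ - ~ ?) and take the mechanism name before : = /
        name = re.split(r"[:=/]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} lookup mechanisms exceed the limit of 10: receivers return permerror")
    return findings


def assess_domain(spf: str, dmarc: str) -> dict:
    """Combine both checks for one domain's pair of records."""
    return {"spf": assess_spf(spf), "dmarc": assess_dmarc(dmarc)}


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("hardened", HARDENED_SPF, HARDENED_DMARC)):
        print(label, assess_domain(spf, dmarc))
```

DKIM is deliberately not scored here: its selector records carry a public key, so whether signing is actually in place can only be judged from the `DKIM-Signature` headers on delivered mail, which is what the DMARC aggregate reports (the `rua=` address the check insists on) tell you.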
It is essential to have a security policy management framework that includes the most important policies, such as global IT security, log management and incident response, and to regularly test its design and effectiveness. In the event of such attacks, Security Information and Event Management (SIEM) solutions and regular SOC monitoring can surface indicators of compromise and ensure that, if necessary, important system logs are available for forensic examination, which cyber insurers may also require.
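One of the earliest post-compromise indicators a SIEM can surface is the one the article lists first under credential abuse: an automatic forwarding rule, typically pointed at an outside mailbox and often paired with a rule that deletes the forwarded or finance-related messages so the owner never notices. The following added detection (written for this article, not taken from any SIEM product) runs over constructed audit events in a generic one-object-per-line shape; the field names, the internal-domain list and the keyword list are this example's own assumptions and would be mapped onto the real audit schema of the mail platform in use.

```python
import json

# Domains that count as "inside" the organisation (constructed for this example).
INTERNAL_DOMAINS = {"example.com"}

# Constructed mailbox-audit events, one JSON object per line, as a SIEM would
# ingest them. The field names are this example's own, not a vendor schema.
SAMPLE_EVENTS = """\
{"ts":"2022-03-01T08:02:11Z","user":"priya@example.com","op":"Login","ip":"198.51.100.7"}
{"ts":"2022-03-01T08:05:40Z","user":"priya@example.com","op":"CreateInboxRule","rule":{"name":".","forward_to":"priya.backup@freemail.test","delete_message":true}}
{"ts":"2022-03-01T08:06:02Z","user":"priya@example.com","op":"SetMailboxForwarding","forward_to":"priya.backup@freemail.test"}
{"ts":"2022-03-01T09:15:00Z","user":"raj@example.com","op":"CreateInboxRule","rule":{"name":"Invoices to AP","forward_to":"ap@example.com","delete_message":false}}
{"ts":"2022-03-01T09:20:00Z","user":"raj@example.com","op":"Login","ip":"203.0.113.9"}
{"ts":"2022-03-01T10:00:00Z","user":"amit@example.com","op":"CreateInboxRule","rule":{"name":"Clean-up","forward_to":"","delete_message":true,"keywords":["invoice","payment"]}}
"""

# Subjects an attacker hides from the victim while a fraudulent payment is arranged.
FINANCE_KEYWORDS = {"invoice", "payment", "bank", "wire", "remittance"}


def is_external(address: str) -> bool:
    return bool(address) and address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def detect_forwarding(events_text: str) -> list:
    """Scan audit events and return one alert per suspicious forwarding change."""
    alerts = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        op = ev.get("op")
        if op == "CreateInboxRule":
            rule = ev.get("rule", {})
            target = rule.get("forward_to", "")
            severity, reasons = None, []
            if is_external(target):
                severity = "high"
                reasons.append(f"rule forwards to external address {target}")
                if rule.get("delete_message"):
                    severity = "critical"
                    reasons.append("rule also deletes the original, hiding the forward from the owner")
            elif rule.get("delete_message") and FINANCE_KEYWORDS & {k.lower() for k in rule.get("keywords", [])}:
                severity = "medium"
                reasons.append("rule silently deletes finance-related mail")
            if severity and len(rule.get("name", "").strip()) <= 1:
                reasons.append("near-empty rule name, a common attempt to avoid notice")
            if severity:
                alerts.append({"ts": ev["ts"], "user": ev["user"], "severity": severity, "reasons": reasons})
        elif op == "SetMailboxForwarding" and is_external(ev.get("forward_to", "")):
            alerts.append({"ts": ev["ts"], "user": ev["user"], "severity": "high",
                           "reasons": [f"mailbox-level forwarding to external address {ev['forward_to']}"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_forwarding(SAMPLE_EVENTS):
        print(alert["ts"], alert["user"], alert["severity"], "; ".join(alert["reasons"]))
```

The internal forward created by `raj@example.com` produces no alert, which is the point of keying on the destination domain rather than on rule creation alone: finance staff legitimately route invoices to shared mailboxes, and a rule that fires on every new inbox rule would be muted within a week.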
Traditional businesses that aren’t tech-savvy also need to rely on technology, and no one wants to fall victim to a security breach that results in financial loss. As the threat landscape is constantly changing, a layered security model based on the principle of defense in depth can better secure multiple layers, including perimeter, enterprise, application, and database. A comprehensive cybersecurity strategy that includes capabilities for protection, detection and, if necessary, containment, response and investigation in the event of an attack is an essential part of overall enterprise risk management.
(The author is Mr. Amit Jaju, Senior Managing Director – Ankura Consulting Group (India) and the views expressed in this article are his own)