Karl Barton, Senior Director, International Channels and Alliances at SecureAuth, discusses why Business Email Compromise attacks continue to be prevalent and how elements such as pre-authentication access controls and MFA DDoS prevention allows the automation of responses and remediation activities.
Malicious emails are among the primary weapons of choice for cyberattackers, with phishing and business email compromise (BEC) or ‘man in the middle’ attacks topping the list. Data from Lloyds Bank revealed a 58% increase in BEC attacks in the UK alone. This type of phishing scam is when an attacker gains access into a corporate email account and impersonates the real owner – usually from the CEO or a high-level executive – to defraud the company, its customers, partners or employees into transferring money, or sensitive corporate or personal data.
They are commonly orchestrated through phishing emails, with extraordinary results. The ‘man in the middle’ is not only able to eavesdrop on private conversations, but potentially target information within the network.
As a result, departments that regularly handle sensitive information, like human resources and finance tend to be the most targeted. According to the UK Cyber Security Breaches Survey 2019, these attacks were included in the top two most common attacks for businesses and charities, ahead of ransomware.
The cybercriminals behind these attacks dedicate time and resources to build convincing impersonations, making them more targeted and difficult to spot. As a result, protecting valuable data in the organisation and mounting a defence is becoming increasingly challenging.
What you need to know
The success of BEC campaigns is largely determined by the low levels of user-awareness regarding how attackers try to imitate and operate as companies or high-level executives. These schemes often rely on an email or SMS request that appears ordinary, either coming from a real email account or an address that is so similar it would escape loose scrutiny.
Demands are often marked as urgent and typically involve requests for wiring money, issuing payments for invoices, sending company confidential information (financial data, employee tax information, etc.) or could involve purchasing items like gift cards or prepaid cards.
Often, these requests for money transfers or sensitive information are well-worded, specific to the business or person being targeted and do not raise concerns as to the legitimacy of the request.
What enterprises can do to prevent BEC attacks
Security training is a critical part of any cybersecurity strategy and should aim to improve employee awareness of security risks and best practices to spot and report threats. Training should be reinforced regularly to equip employees with the knowledge to identity suspicious activity and phishing attempts which will dramatically reduce risk.
Verifying login attempts and securing email accounts is another strong defence from BEC and other phishing attempts. Identity and access management solutions such as multi-factor authentication that look at multiple factors – such as something a user knows (e.g. a password), something a user has (e.g. device or smart card) and something a user is (such as a biometric) – to ensure the user is who they say they are and prevents attackers gaining access to email accounts to launch a BEC attack.
Risk-based adaptive authentication adds additional layers of security that is invisible to the user. Such methods include geolocation, IP address look up and behavioural analysis, which provides an enhanced user experience without compromising security.
As Office 365 is a prime target business email compromise, implementing an adaptive authentication solution with features such as SMS phone fraud prevention, pre-authentication access controls and MFA DDoS prevention allows response and remediation activities to be automated.
Be prepared to take action
Phishing techniques are constantly evolving to adopt new forms and procedures, but with the right training and advanced security measures in place, the success of these attacks can be reduced. Aside from technology measures, employees should receive regular awareness training and best practice tips to be able to identify suspicious SMS or email messages from an executive and know how the procedures to report suspicious activity.
By bringing together network, endpoint and identity security, weaknesses caused by disparate architectures can be removed. This removes the blind spots previously exploited by malicious attackers to gain a foothold. Informed and educated employees, and a secure access management control, are key when protecting a company from BEC and other phishing attacks.
By implementing modern cyberdefence strategies, such as adaptive access control, stolen credentials will be rendered useless to a threat actor, preventing them from catching victims anytime soon.
Click below to share this article
