These thoughts can be applied to any number of scenarios in the business world or even the realm of home networks, but let’s look at just one aspect: BEC (Business Email Compromise). While the name says it all, let’s make sure we are on the same page. BEC is an effort to gain access to an entire business network, as opposed to compromising a single user account.
A successful BEC operation gives the bad guys an abundance of resources. They gain access to many email accounts and to company data, potential footholds into other networks, potential extortion victims via ransomware, and opportunities for data exfiltration. Truly a bounty for those with criminal intent.
A Google search for ‘damage from BEC’ yields many pages of results. A few of them are:
Note some key points from the above:
BEC threats are becoming more sophisticated. In reference to the widening attack surface, this article was enlightening:
Since the beginning of 2020, researchers at Barracuda have identified 6,170 malicious accounts that use Gmail, AOL, and other email services and were responsible for more than 100,000 BEC attacks on nearly 6,600 organizations. In fact, since April 1, malicious accounts have been behind 45 percent of the BEC attacks detected.
So the protectors of the realm face an increasingly difficult task. You used to be able to say “We don’t accept email from a .RU domain or with an originating IP address in China”. Now you cannot generalize like that, because of the subterfuge employed by the bad guys.
Another tactic that makes BEC difficult to defend against is mentioned in the article:
By nature, business email compromise is a highly targeted attack. After an initial research period, cybercriminals will impersonate an employee or trusted partner in an email attack. Usually, email is used first to establish contact and trust. Attackers will expect replies to their BEC attacks. Therefore, these attacks are usually very low volume and highly personalized to ensure a higher chance of a reply. The number of email attacks sent by a malicious account ranged from one to over 600 emails, with the average being only 19.
So you cannot rely on volume to signal a BEC attack. Keep in mind these are spear-phishing attacks. The attackers will have gathered employee names and positions to make their emails seem more authentic. They want to establish a relationship with someone on the inside. Once they do, the results are not good. This article is another example.
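As an added illustration (not from the original article or from the Barracuda research it quotes), here is a small Python triage routine for the pattern described above: an employee's display name arriving from a free-mail account rather than the company domain, in a sample set where every sender's volume is far too low to trip any threshold. The company domain, employee directory and From headers are constructed for the example.

```python
from collections import Counter
from email.utils import parseaddr

# Constructed sample data (assumptions for this example, not real accounts).
COMPANY_DOMAIN = "example.com"
FREE_MAIL_DOMAINS = {"gmail.com", "aol.com", "yahoo.com", "outlook.com"}
EMPLOYEES = {
    "jane doe": "jane.doe@example.com",
    "rajesh kumar": "rajesh.kumar@example.com",
}
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",        # legitimate internal mail
    "Jane Doe <jane.doe.ceo@gmail.com>",      # executive's name on a free-mail account
    "Rajesh Kumar <rkumar.example@aol.com>",  # another impersonation attempt
    "Newsletter <news@vendor-updates.net>",   # unrelated external sender
]

def normalise(name):
    """Lower-case and collapse whitespace so 'Jane  Doe' matches 'jane doe'."""
    return " ".join(name.lower().split())

def classify_sender(from_header):
    """Return (verdict, reason) for one From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    key = normalise(display)
    if key not in EMPLOYEES:
        return "ok", "no directory match"
    if addr.lower() == EMPLOYEES[key]:
        return "ok", "display name matches directory entry"
    # Display name belongs to an employee but the address does not.
    if domain in FREE_MAIL_DOMAINS:
        return "flag", f"employee name on free-mail domain {domain}"
    if domain != COMPANY_DOMAIN:
        return "flag", f"employee name from external domain {domain}"
    return "flag", "employee name with mismatched internal address"

def triage(headers):
    """Classify every header; returns a list of (header, verdict, reason)."""
    return [(h, *classify_sender(h)) for h in headers]

def volume_by_sender(headers):
    """Messages per sending address: shows why a volume threshold misses BEC."""
    return Counter(parseaddr(h)[1].lower() for h in headers)
```

Every address in the sample sends exactly one message, so only the identity check, not the count, separates the two impersonation attempts from the legitimate mail.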
While arrests have been made, the attackers were able to divert almost $1 million to their accounts. The victims were in New Zealand and Australia, while the bad guys were in the US. These days, distance is not an issue.
Over and over again, one of the conclusions in many of the articles is that users need training to recognize bad emails. From another article come these points.
Remember, you only get one chance to be right about identifying a BEC email. The bad guy only needs to get it right once to win. To learn more about multifactor authentication, security awareness training, or properly securing your Microsoft 365 email accounts, call Ashton Technology Solutions at 216 397-4080.