Cyber crime is a major headache for enterprises who in 2018 alone were defrauded to the tune of $2.7B. That’s according to the FBI who recently published their Internet Crime Report for 20191 which brings together figures for up to the end of 2018. One of the largest sub-categories of cyber crime is Business Email Compromise (BEC) and Email Account Compromise (EAC), and from registered complaints to the FBI it is clear that the problem is getting worse. BEC cost the USA $1.2Bn in 2018 as against $675M the year before. This massive figure excludes ransomware attacks.
In a parallel report insurance giant American International Group Inc. said that BEC attacks had become the leading cause of cyber insurance claims, surpassing ransomware, and accounted for nearly a quarter of all reported cyber incidents in 2018 for the EMEA region.
So how do the fraudsters go about their business? “In some cases, the attacks require little more than identifying the right individual and sending an email. In other cases, look-alike domains are created to establish credibility. In still other cases, cyber criminals go to even greater lengths, such as impersonating the CEO and holding phone meetings about monies needed for an investment or using deepfake audio to trick employees by sounding just like the CEO over the phone” 2 according to Nick Cavalancia.
"They use a range of tactics to establish the illusion of legitimacy:
Diligence. Significant background research; scouring the company's website and sites like LinkedIn looking for the right person to target.
Contextual requests. Identifying people to impersonate as part of doing due diligence.
Domain impersonation. Look-alike domains (e.g., adding an extra letter to a domain) can make it look like it's really the company that users think it is.
Social engineering. Today's scammer is making sure the emails are well written, establish credibility using detail and create a sense of urgency to get the potential victim to act."
Cavalancia recommends a three layer response to these threats. At the outset use available security technology to weed out as many of the attacks as possible. Secondly all staff in departments that make payments should be mandated to changes their processes and take verification steps. So if a convincing call is received that asks for money to be paid into a different account etc, then you should verify the caller and request by for example calling back to the last known phone number of the person in question or payee. Thirdly, educate your people.
Unfortunately malware and fraudster strategies continue to evolve. In the case of EAC “attackers are utilising malicious third-party applications that connect Office 365 or G Suite accounts and abuse the access and permissions”3, according to Ryan Kalember of Proofpoint . “You basically see a log-in - not to a fake Microsoft or Google, but the real Microsoft or Google - and the attacker is trying to get you to install an application that is on the app store that connects to Office 365 or G Suite. You're logging into the real account, but the application itself is impersonating something that's legitimate," Kalember says. "The way they are able to use that access is because everything is about Office 365. It's everything. Your calendar, contacts, inbox, sent items, files, everything is behind that one credential and that whole cloud attack surface has enabled them to learn so much about their targets. These are relatively recent developments even if the tools have been around for some time." It’s a further example that cloud services are not the low maintenance solutions that they were originally claimed to be.
As a broad based software company Micro Focus has a number of solutions applicable to this discussion. Let’s start with GroupWise and Enterprise Messaging. Venerable though it is, GroupWise has always had an excellent reputation for security and resistance to malware. It was the first email solution to introduce end-to end encryption built in to the product and many a time a GroupWise system has continued to work normally while an Exchange server was out of service due to a virus attack. In combination with Secure Messaging Gateway, GroupWise still provides a realistic alternative.
Other tools in the Micro Focus armoury include, Access Manager and Advanced Authentication, linked with Micro Focus’ identity management solutions. If you are looking for ransomware prevention then have a look at the ZENworks Suite for comprehensive endpoint protection.
Don’t let BEC/EAC cripple your organisation.