Cybercriminals have stepped up Business Email Compromise attacks, and these have peaked during the COVID-19 season. Read on to learn more.
Cybercriminals have resorted to Business Email Compromise (BEC) attacks, which have peaked during the COVID-19 season. BEC attacks have proved profitable for cybercriminals pursuing financial objectives.
Essentially, cybercriminals are using malicious email accounts to impersonate an employee or trusted partner, and send highly personalized messages for the purpose of tricking other employees into leaking sensitive information, or sending over money.
The Anti-Phishing Working Group (APWG) found that the average wire transfer loss due to BEC scams surged to $80,183 from $54,000 in Q2 2020. Moreover, in two-thirds of attacks, attackers requested funds in the form of gift cards for Apple iTunes, Google Play, eBay, and Steam Wallet. Approximately 72% of the attacks were conducted via free webmail accounts, and half of those were sent from Gmail. The three most impersonated brands in the second quarter were Zoom, Amazon, and DHL.
Clear & Present Danger
The criminal community has been refining its skills to conduct BEC attacks that are extremely successful at dodging email defenses. They deal in unadulterated deception and are therefore invisible to most conventional security measures. Moreover, because the scammer tries to make the message resemble a genuine email, no keywords trigger the conventional filters, so a well-crafted email has a high chance of reaching a victim's inbox without raising any alarms.
Recent BEC Attacks
Last month, Barracuda Networks discovered that 6,170 accounts were responsible for more than 100,000 BEC attacks on approximately 6,600 organizations. Threat actors were found using legacy apps with old protocols, such as POP, IMAP, and SMTP, to gain access to business email accounts protected with Multifactor Authentication (MFA). Moreover, SMS-based MFA can be abused by attackers in multiple ways, including SIM-jacking. Since March, a series of BEC campaigns has been targeting Office 365 accounts. The attackers, known as Water Nue, have targeted executives at more than 1,000 organizations.
Block unsolicited emails from potentially malicious accounts. Security teams should train users and employees to detect targeted phishing attacks. Implementing Domain-based Message Authentication, Reporting & Conformance (DMARC) ensures that emails with a mismatched sender identity are detected and that suspicious emails are automatically rejected.
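To make the DMARC step concrete, the following is an added example (not code from the article or from any vendor named in it) that models the identifier-alignment check DMARC performs on a message: the domain in the From header the recipient sees must align with the domain that SPF or DKIM actually authenticated, otherwise the published policy (`p=none`, `quarantine` or `reject`) applies. The `_dmarc` record for `example.com`, the lookalike domain `examp1e.com`, the webmail domain `webmail.invalid` and the SPF/DKIM outcomes are all constructed for the demo; no DNS lookups or signature verification take place, the authentication results are supplied as inputs the way an MTA records them in an Authentication-Results header.

```python
"""Simplified DMARC alignment check for BEC-style sender spoofing.

Added illustrative example (not from the article or any vendor): it models
the identifier-alignment step of DMARC (RFC 7489). SPF and DKIM results are
supplied as inputs, the way an MTA records them in Authentication-Results;
no DNS lookups or signature verification are performed. The DMARC record
for example.com is constructed for this demo.
"""
from dataclasses import dataclass

# Constructed published policies, keyed by domain (stand-in for _dmarc TXT lookups).
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def organizational_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.

    Real implementations consult the Public Suffix List; this shortcut is
    wrong for suffixes such as co.uk and is kept simple for the example.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def lookup_policy(from_domain: str):
    """DMARC discovery: exact From domain first, then its organizational domain."""
    for candidate in (from_domain.lower(), organizational_domain(from_domain)):
        if candidate in DMARC_RECORDS:
            return parse_dmarc(DMARC_RECORDS[candidate])
    return None


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' requires an exact match, 'r' the same organizational domain."""
    if not auth_domain:
        return False  # that mechanism did not pass, so it cannot align
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


@dataclass
class AuthResults:
    from_domain: str       # domain in the RFC5322.From header the recipient sees
    spf_domain: str = ""   # MAIL FROM domain that SPF passed for, "" if SPF did not pass
    dkim_domain: str = ""  # d= of a validly signed DKIM signature, "" if none verified


def evaluate_dmarc(auth: AuthResults) -> str:
    """Return 'pass', or the publishing domain's policy ('none'/'quarantine'/'reject')."""
    policy = lookup_policy(auth.from_domain)
    if policy is None:
        return "none"  # no DMARC record: DMARC has nothing to enforce
    spf_ok = aligned(auth.from_domain, auth.spf_domain, policy.get("aspf", "r"))
    dkim_ok = aligned(auth.from_domain, auth.dkim_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return policy.get("p", "none")


# Constructed scenarios, named so they can be referenced from a test.
SCENARIOS = {
    # Genuine mail from the organisation's own server.
    "legitimate": AuthResults("example.com", spf_domain="example.com", dkim_domain="example.com"),
    # Exact-domain spoof sent through a free webmail provider: SPF passes
    # for the provider, not for example.com, so nothing aligns.
    "spoofed_from_webmail": AuthResults("example.com", spf_domain="webmail.invalid"),
    # Lookalike domain with no DMARC record: DMARC does not apply at all,
    # which is why user training remains necessary.
    "lookalike_domain": AuthResults("examp1e.com", spf_domain="examp1e.com"),
}


def run_scenarios() -> dict:
    return {name: evaluate_dmarc(auth) for name, auth in SCENARIOS.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:22s} -> {verdict}")
```

The three scenarios show where DMARC helps and where it does not: the exact-domain spoof sent through a webmail provider fails alignment and is rejected under the published `p=reject` policy, while the lookalike domain never enters DMARC evaluation because it publishes no record, so that message is delivered and only a trained user or a separate lookalike-domain control would catch it. This is why the paragraph above pairs DMARC with user training rather than relying on either alone.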
Losses due to BEC attacks have doubled over the past year, showing that attackers currently hold the upper hand over defenders. It also shows that cybercriminals can wreak havoc with relatively simple attack techniques. Hence, organizations must ensure that their security measures are capable of countering all kinds of threats.
With COVID-19 providing powerful leverage for this new wave of credentials harvesting campaigns, it’s safe to assume that cybercriminals will soon be putting those logins to use in new BEC-based attacks.