How hackers have improved their BEC attack methods

Credit to Author: Trend Micro| Date: Wed, 30 Aug 2017 17:56:22 +0000

BEC attacks have become more sophisticated to fool users.

Email is increasingly an integral part of global life, but business email compromise (BEC) attacks could place these communications at risk. Research by The Radicati Group found that 2.9 billion people worldwide will be using email portals by 2019. Each business user will send 126 messages daily by that time, compared to 122 emails sent and received per user every day in 2015. As email is increasingly used for notifications and interpersonal connections in company and consumer settings, it will be essential to evaluate its security capabilities and protect it appropriately.

Receiving spam mail is nothing new, but new threats have taken on a completely new look to fool users into revealing sensitive information or following malicious links. BEC attacks in particular have become a more popular way to target unsuspecting employees. Let's take a closer look at BEC threats and how hackers have improved this attack method.

What does a BEC attack look like?

BEC attacks aren't your normal phishing or malware campaigns, and their lucrative nature is contributing to their popularity among hackers. According to Enterprise Times, BEC attacks increased by 45 percent in the last three months of 2016. In a typical BEC scam, attackers impersonate high-level executives and request wire transfers to alternate, fraudulent accounts. This method is becoming increasingly sophisticated to make it look like the emails are coming from legitimate sources, convincing employees to make the payments.

BEC emails convince users to wire transfer money to cyber criminals.

All it takes is one email with lax security protocols for a BEC attack to be successful. Attackers often go after an executive's account or publicly listed email, and use keyloggers or phishing to monitor the user's behavior. Hackers carefully track the user's movements to determine who initiates wires and who can request them. Malicious parties lie in wait and do a lot of research to execute the scheme and receive the money successfully. Trend Micro research found that BEC schemes can involve asking to wire funds for invoice payments to a bogus supplier. Hackers usually pose as an exec, employee or lawyer, emailing the finance department to transfer funds quickly and discreetly. Pressure from these demands and the seeming legitimacy of the claims make it more likely for finance professionals to follow through and wire the money, earning cybercriminals a lucrative payday for their efforts.

The many faces of BEC

BEC attack methods are extremely convincing, and they are evolving to ensure that users are effectively persuaded to send money to cybercriminals. According to a report by the FBI, BEC attacks are believed to have caused $1.6 billion in losses in the U.S. – $5.3 billion globally – since 2013. In the last half of 2016 alone, U.S. victims reported losses of $346 million as a result of BEC techniques. This threat is clearly not something to trifle with, and businesses should adequately prepare to address it.

BEC attacks show no sign of slowing down.

However, it's becoming much more difficult to separate the malicious emails from the real deal. Trend Micro research noted that keyloggers used as monitors in BEC methods are often sent as an attached executable file. Most of the time, security systems will flag this type of file as malicious, urging the user not to click on it. Hackers have upped their game by attaching HTML pages instead, which launch a phishing page when clicked on. The page will ask for a username and password to view the file, showing images of popular providers to convince the user. When the form is submitted, attackers have all the information they need to take control.

HTML phishing pages are becoming more popular for BEC schemes for a few reasons. HTML files pose no immediate threats in the eyes of anti-spam solutions. HTML pages can also be easily coded and deployed to run on any platform, ensuring a wider range of potential infection. Hackers might use a combination of HTML phishing and keylogger files to get users to bite, making it easier to compromise email accounts and execute BEC attacks.
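Because these attachments carry no executable payload, one way to surface them is to inspect the HTML itself. The following is an added example, not Trend Micro's detection logic: it parses a message, finds HTML attachments and reports any that contain a password field, along with the hosts their forms post to. The sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the article): an HTML attachment whose form
# asks for a password and posts it to an outside host.
SAMPLE_EML = """\
From: "Accounts" <billing@supplier.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please sign in to view the attached invoice.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="invoice.html"

<form action="http://login.example.net/post" method="post">
<input name="user"><input type="password" name="pass"></form>
--b1--
"""

class FormFinder(HTMLParser):
    """Collects form targets and notes whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan_html_attachments(raw):
    """Return one finding per HTML attachment that asks for a password."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".html", ".htm")):
            continue
        # Decode any transfer encoding; tolerate odd bytes in the markup.
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        finder = FormFinder()
        finder.feed(body)
        if finder.has_password:
            hosts = {urlparse(u).hostname for u in finder.actions}
            findings.append({"file": name, "post_hosts": sorted(h for h in hosts if h)})
    return findings
```

A finding is a reason to quarantine or review the message, not proof of phishing; the listed hosts can be compared against the domains the organization actually uses for sign-in.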

"Implement a layered security approach to detect, mitigate and prevent BEC."

Layer your security

Sophisticated techniques like BEC attacks are becoming more common as hackers look for the best ways to breach systems and reap valuable rewards. The only way to beat this type of threat is to implement a layered security approach and ensure that each element works well together to detect, mitigate and prevent BEC. The trick here will be to implement the right security tools in the right places and enforce policies across the board.

The first step should include educating all workforce members about BEC attacks and creating an organization-wide BEC policy. This procedure could include what BEC is, who to report these attacks to and what to do if you suspect that an email is a BEC attempt. Ongoing educational sessions should be provided to prevent knowledge gaps and increase overall awareness. GCN suggested also flagging where emails are coming from and being careful when posting on social media, particularly when it concerns information related to job functions. Taking these steps will help decrease the threat surface and thwart scams.
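Flagging where an email comes from can be automated at the mail gateway. The following is an added example, not code from the article or from GCN: it marks messages from outside the organization and notes when an outside address uses an executive's display name. The domain list, the executive name and the sample messages are constructed assumptions, and the Reply-To comparison is an extra check the article does not mention.

```python
from email import message_from_string, policy

# Assumptions for this sketch: the organization's own domains and the names
# of people who can request or approve wire transfers.
INTERNAL_DOMAINS = {"corp.example"}
EXECUTIVES = {"dana reyes"}

def flag_sender(raw):
    """Return a list of reasons to treat a message's origin with caution."""
    msg = message_from_string(raw, policy=policy.default)
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["missing-from"]
    sender = from_hdr.addresses[0]
    flags = []
    if sender.domain.lower() not in INTERNAL_DOMAINS:
        flags.append("external-sender")
        # An executive's name on an outside address is the impersonation case.
        if sender.display_name.strip().lower() in EXECUTIVES:
            flags.append("executive-name-from-external-address")
    reply_to = msg["Reply-To"]
    if reply_to is not None and reply_to.addresses:
        # Replies routed to a different domain than the visible sender.
        if reply_to.addresses[0].domain.lower() != sender.domain.lower():
            flags.append("reply-to-domain-differs")
    return flags

# Constructed sample messages (not from the article).
SPOOFED = """\
From: "Dana Reyes" <dana.reyes@corp-mail.example>
Reply-To: dana.reyes@inbox.example.org
To: finance@corp.example
Subject: Urgent wire

Please process today and keep this confidential.
"""
GENUINE = """\
From: "Dana Reyes" <dana.reyes@corp.example>
To: finance@corp.example
Subject: Q3 numbers

See attached.
"""
```

The returned flags can drive a subject-line tag or banner so that the finance team sees the warning before acting on a request.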

In terms of technology, business leaders should consider implementing two-factor authentication for email accounts as well as wire transfer requests. This can help cut down on potential attacks, and reveal suspicious activity. Organizations should also leverage an advanced, layered messaging security solution that includes machine learning technology to detect BEC emails without payloads like malicious attachments and links. When all else fails, employees and leaders must take additional measures to verify requests and ensure that they're coming from the source. For more information on protecting yourself against advancing BEC attacks, contact Trend Micro today.
