A recent alert from the FBI revealed that Business Email Compromise (BEC) is growing at an astonishing rate, costing organizations billions of dollars every year. The growing use of digital assets in these schemes also makes the proceeds harder to trace and the criminals behind them harder to identify.
While organizations adopt advanced technologies to defend against sophisticated attacks, they often neglect simpler threats that may be costing them just as much revenue.
The Federal Bureau of Investigation (FBI) recently released a public service announcement stating that Business Email Compromise (BEC) attacks accounted for 241,206 domestic and international incidents, with exposed losses north of USD 43 billion, between June 2016 and December 2021. Between July 2019 and December 2021 alone, identified exposed losses rose by 65%. This increase is partly attributable to COVID-19, since restrictions drove employees and workplaces to rely on online channels to conduct their business.
BEC is one of the core techniques cybercriminals use to reach an organization's protected data and, through a single compromised mailbox, enterprise-wide information. Most of the time they rely on social engineering and phishing to compromise a user's account, then use that account to request unauthorized transfers of funds or to trick other users into handing over personal information.
Mitigating the impact of these attacks is made harder by the fact that an intrusion is not always easy to detect, especially when in-house security teams lack resources. The situation is worse because many organizations do not report incidents when the amount is relatively small; they only contact the authorities when the amount lost is significant and they hope to recoup some of it.
Cybercriminals running BEC campaigns are increasingly asking for payment in cryptocurrency and other digital assets, since these transactions help shield their identity and offer more anonymity than conventional wire transfers.
IC3's tracking of several iterations of the scam shows two models in use. The direct-transfer method mirrors the traditional pattern of past BEC incidents: the victim's funds go straight to an account the criminals control. The second is a "second hop" transfer, in which the threat actors exploit people who are already victims of other cyber-enabled scams, for example by using their stolen identity details to open a custodial cryptocurrency wallet that receives the BEC funds.
A few steps IT leaders can take to safeguard their organizations from BEC attacks:
- Verify any request to change account or payment information through a secondary channel (for example a phone call to a number already on file, never one taken from the email) or multi-factor authentication, and confirm that the change came from the legitimate individual. If it cannot be confirmed, stop the transfer immediately.
- Confirm that the email itself is legitimate. Inspect every link to check that the URL belongs to the business or individual it claims to represent, watch for hyperlinks whose domain names are subtly misspelled, and verify the actual sender address rather than the display name (especially on mobile devices, which often show only the name). Work with the security team to analyse suspicious messages, and detonate any attachments in a malware-analysis sandbox before anyone opens them.
- Use privileged access management. With more employees using their own devices for work outside the reach of traditional security tools, IT leaders should proactively secure data from unauthorized access and limit the number of employees who can reach personal data.
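The checks in the second step above (sender domain versus known domains, Reply-To that differs from From, link text that does not match the link target, payment-change wording, attachments to sandbox) can be scripted as a first-pass triage. The following is an added example written for this page, not code from the FBI alert or any vendor; the trusted domains, the keyword patterns, the look-alike edit-distance threshold of 2 and the sample messages are all assumptions and constructed inputs.

```python
"""First-pass BEC triage for a raw RFC 5322 message (added example; assumptions noted inline)."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own legitimate sending domains.
TRUSTED_DOMAINS = {"example.com", "example.net"}

# Assumption: phrases typical of payment-diversion requests; tune per organisation.
PAYMENT_CHANGE_PATTERNS = [
    r"\bupdated?\s+(bank|wire|account)\b",
    r"\bnew\s+(bank|wire|banking)\s+(details|information|instructions)\b",
    r"\bchange\s+(of|in)\s+(bank|account)\b",
]

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to spot look-alike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr: str) -> str:
    """Domain part of an address such as 'CFO <cfo@example.com>'."""
    _, address = parseaddr(addr)
    return address.rpartition("@")[2].lower()

def is_lookalike(domain: str, trusted: set = TRUSTED_DOMAINS) -> bool:
    """Not a trusted domain, but within edit distance 2 of one (assumed threshold)."""
    return domain not in trusted and any(levenshtein(domain, t) <= 2 for t in trusted)

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To")) if msg.get("Reply-To") else from_dom
    if is_lookalike(from_dom):
        findings.append(f"From domain {from_dom} looks like a trusted domain")
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        parser = LinkExtractor()
        parser.feed(text)
        for href, shown in parser.links:
            href_dom = urlparse(href).hostname or ""
            shown_dom = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
            if shown_dom and href_dom and shown_dom != href_dom:
                findings.append(f"link text shows {shown_dom} but points to {href_dom}")
            if is_lookalike(href_dom):
                findings.append(f"link target {href_dom} looks like a trusted domain")
    plain = re.sub(r"<[^>]+>", " ", text)
    if any(re.search(p, plain, re.I) for p in PAYMENT_CHANGE_PATTERNS):
        findings.append("requests a change to payment details; verify out of band")
    for part in msg.iter_attachments():
        findings.append(f"attachment {part.get_filename()!r}: detonate in a sandbox before opening")
    return findings

# Constructed sample: look-alike sender, mismatched Reply-To, deceptive link, payment wording.
SAMPLE = b"""From: CFO <cfo@examp1e.com>
Reply-To: cfo@mail-example.co
To: ap@example.com
Subject: Updated wire instructions
Content-Type: text/html

<p>Please use our new bank details for today's payment. Confirm at
<a href="http://examp1e.com/portal">https://example.com/portal</a>.</p>
"""

# Constructed sample: an ordinary internal message that should produce no findings.
CLEAN = b"""From: CFO <cfo@example.com>
To: ap@example.com
Subject: Lunch
Content-Type: text/plain

See you at noon.
"""

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("FINDING:", line)
    print("clean message findings:", triage(CLEAN))
```

None of these findings proves fraud on its own; the point is that a message tripping several of them is exactly the one to hold until the request is confirmed over a channel the email did not supply.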