Cybercriminals Adding Sophistication to BEC Threats

New tactics aimed at business executives and users are being used to reap greater reward from email-based fraud, which continues to rise, researchers said.

Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise (BEC) attacks that pose a greater threat to organizations, according to a new report.

Advanced BEC attacks, including impersonation attacks and CEO fraud, showed a steady increase in the first quarter of 2019 and are projected to rise through the second quarter, according to the most recent Email Threat Report from security firm FireEye.

While consumers mainly use their devices and various messaging apps to communicate, business users still predominantly use email. Cybercriminals are taking great advantage of this by impersonating executives, senior managers and supply-chain partners to dupe employees into authorizing fraudulent wire transfers or providing confidential information that can be used to defraud companies, FireEye researchers said.

“Cyber criminals today continue to find creative ways to entice email recipients to open these increasingly malicious messages, which can expose them to content that has the potential to cause significant financial and/or data loss,” according to a blog post attributed to FireEye’s Chris Filart and Dallas Young.

FireEye reports: Impersonation attack attempts trend upward in Q1 2019

While various ways to exploit this type of communication are on the rise, FireEye researchers found that some can result in more loss for organizations than others.

CEO fraud in particular was a “cyber cash cow,” according to FireEye. Impersonation attacks, too, can cost companies billions of dollars as well as severely damage their reputation, researchers said.

Both of these types of attacks showed a rise in the first quarter of 2019, with cybercriminals using a new variant for the former to trick executives at the highest level of the organization and gain access to company purse strings.

In the meantime, URL-based attacks remain the predominant vehicle for delivery of malicious content, while classic phishing attacks also were on the rise, with an uptick of 17 percent in the first quarter compared to the last quarter of 2018.

Other attacks showing an increase include ones that attempt to blackmail business users based on reputation, and the exploitation of commercial and free file-sharing services as well as nested emails to deliver malware, the report found.

BEC attacks specifically target those with access to company finances as well as businesses working with foreign suppliers in sophisticated scams that involve having people make wire transfers, often recurring ones, to accounts where bad actors can access the money. Cybercriminals also use these scams to gain access to the means to make those transfers.

Authorities and businesses are well aware of the threat from these attacks. Perpetrators of a global BEC scheme were the target of a recent four-month investigation called Operation reWired by the Department of Justice and other federal authorities that resulted in 281 arrests and the seizure of $3.7 million.

News of those arrests came a day after an alert issued by the FBI that organizations have lost $26.2 billion in the last three years to BEC schemes.

As cybercriminals bolster their game, organizations also must raise their awareness and ability to thwart these attacks, FireEye researchers said.

The company suggested a number of business protections against email-based threats, including multi-factor authentication; regular user awareness training sessions; advanced secure email gateway technologies; and enhanced visibility into log-in sources to detect unauthorized activity.
