Just last weekend, I wrote a blog in which I partially wrote about how the Cyber pundits are already making predictions for 2023. Although it is still a bit early to tell what could happen, there are two known catalysts out there now which will dominate the threat landscape:
*The Russian annexation of key territories in Ukraine;
*The Cyberattacker shifting gears in their tactics.
Now I cannot say too much about the first point, because anything could change in that part of the world.
But I can talk with some certainty about the second one. After some time, the Cyberattacker usually will change the way in which they launch their threat variants. There are reasons for this, but one of the primary ones is to keep their identity as elusive as possible. Another is that they have simply tired of what they are doing at the current time and want to move on to something else. This really only happens when the profit potential is dissipating. Such is the case with Ransomware.
It was the threat variant of choice back in 2020, right when the COVID-19 pandemic was at its peak, but this year, as it takes a back seat in the news, the total number of Ransomware attacks has actually fallen for 2022. Of course, it is still out there, but not at the magnitude of severity that we have seen. Now the trend is shifting in another direction, toward what are known as "Business Email Compromise", or "BEC", attacks.
This is where an employee of a company is sent a Phishing-style email, demanding that the financial or accounting department wire a hefty sum of money to a third party in order to complete a deal. The money is sent, and voila, it is gone forever into a phony, offshore account. The scenario I have just depicted is of course a very simplistic one, but these are the details of the basic form of the attack. Just consider some of these stats to show you how BEC attacks are on the rise:
*BEC attacks have increased by 34% since Q2 of this year;
*BEC attacks aimed at end users have increased by 84%.
More information about these stats can be seen at the following
links:
https://arcticwolf.com/resources/blog/incident-response-insights-from-arctic-wolf-labs-1h-2022/
https://abnormalsecurity.com/blog/bec-attacks-increasing-new-research-shows
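The basic attack described above usually leaves a few tell-tale signs in the message itself, which is what a mail filter or SOC analyst checks before the email ever reaches the accounting department: an executive's display name on a mailbox that is not theirs, a Reply-To that steers replies to a different domain, a lookalike sender domain, and a payment request paired with pressure for speed or secrecy. The following is an added example, not code from the original post or from any of the vendors linked above; the corporate domain, the executive list and the two sample messages are constructed for illustration.

```python
# Added example (not from the original post): simple BEC indicator checks run
# over two constructed email messages. The organization domain, executive
# list and the messages themselves are hypothetical.
import re
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                         # assumed corporate domain
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}  # display name -> real mailbox (assumed)

# Language that typically appears together in a BEC lure: a payment request
# plus pressure for speed or secrecy.
WIRE_TERMS = re.compile(
    r"\b(wire|wire transfer|bank details|account number|swift|iban|payment)\b", re.I)
PRESSURE_TERMS = re.compile(
    r"\b(urgent|asap|immediately|today|confidential|keep this between us)\b", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(headers: dict, body: str) -> list:
    """Return the list of BEC indicators found in one message (empty = nothing flagged)."""
    findings = []
    from_name, from_addr = parseaddr(headers.get("From", ""))
    from_domain = domain_of(from_addr)
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)

    # 1. Display-name impersonation: a known executive's name on the wrong mailbox.
    real = EXECUTIVES.get(from_name.strip())
    if real and from_addr.lower() != real:
        findings.append(f"display name '{from_name}' but sender is {from_addr}")

    # 2. Reply-To steers replies to a domain other than the visible sender's.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Lookalike sender domain within two edits of ours (but not ours).
    if from_domain and from_domain != OUR_DOMAIN and levenshtein(from_domain, OUR_DOMAIN) <= 2:
        findings.append(f"lookalike domain {from_domain} (near {OUR_DOMAIN})")

    # 4. Payment request combined with urgency or secrecy wording.
    if WIRE_TERMS.search(body) and PRESSURE_TERMS.search(body):
        findings.append("payment request paired with urgency/secrecy language")

    return findings


# Constructed sample messages (hypothetical, for demonstration only).
SPOOFED = (
    {"From": '"Jane Doe" <jane.doe@examp1e.com>', "Reply-To": "ceo.jane.doe@gmail.com"},
    "Need a wire sent today to close the deal. Keep this confidential until it is done.",
)
LEGIT = (
    {"From": '"Jane Doe" <jane.doe@example.com>'},
    "Attached is the agenda for Thursday's board meeting.",
)

if __name__ == "__main__":
    for label, (hdrs, body) in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, analyze(hdrs, body) or ["no indicators"])
```

The spoofed message trips all four checks, the legitimate one none of them. None of these indicators is proof on its own (executives do use personal mailboxes, and real invoices are urgent), which is why the output is a list of findings to route the message for review rather than a single block/allow decision.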
Also, according to the FBI, BEC attacks accounted for $2.4 billion of the $6.9 billion in losses reported by American consumers and businesses for 2021. This is almost 35%, whereas Ransomware attacks accounted for a mere 0.7% of this entire total. More information about this can be seen at this link:
https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
There are numerous reasons cited why BEC attacks have become so much more popular this year, but four of the most cited are as follows:
1) BEC payments do not require a virtual currency, unlike a Ransomware attack, where Bitcoin is still the preferred means of payment. It can take time for a victim to collect the virtual currency, whereas with BEC attacks real currency is used.
2) BEC attacks can make use of multiple attack methods. In our example earlier in this blog, we used Phishing. But a BEC attack can take place via Social Engineering, Vishing, Smishing, Robocalls, traditional mail, etc.
3) There are also technological weaknesses that are giving rise to the proliferation of BEC attacks; some of these include the recent weaknesses that have been found in Microsoft Exchange, VMware, and the Remote Desktop Protocol (RDP). A mailbox reached through one of these lets the attacker read real invoice threads and reply from a genuine account rather than a lookalike.
4) Cyberattackers are also purchasing PII datasets from the Dark Web for pennies on the dollar. These can then be used to launch Social Engineering attacks.
These four findings can be seen in the diagram at the source below:
(SOURCE: https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware)
My Thoughts On This:
With all of these stats now presented to you, you may be wondering how you can protect yourself and your business from a BEC attack. Once again, it all comes down to security awareness training. Keep in mind that a BEC attack is going to focus primarily on one thing: directly asking for money.
So the moment your administrative assistant gets an email or a phone call asking for money, tell them to stop the conversation immediately and report it to their higher-ups and the IT Security team.
Then the request for the money to be sent needs to be validated, through a channel the requester did not supply, such as a phone call to a number already on file rather than one given in the email. If the money has already been sent, your next option is to immediately call your bank to request a recall of the wire and your local FBI office to try to recoup whatever you can. To varying degrees, the FBI has been successful in retrieving money in such attacks, and the sooner it is reported, the better the chance of recovery.
But in the end, it is the finance or accounting department that will send the money, if the request is legitimate. Therefore, it is very important to make sure that the right controls have been implemented there, and that the systems involved are kept current with the latest patches and firmware upgrades.
Any and all requests for money transfers, and any change to a payee's bank account details, should be confirmed with at least two layers of approval. True, this may seem a bit much, but this is one sure-fire way of having a good set of checks and balances in place.
In fact, many financial institutions today have automated alarms in place to warn them of fraudulent activity. If anything is detected, the transaction is halted immediately until the details of it can be confirmed.
In fact, this very situation happened to one of my clients the other day. They were about to send out a wire transfer to a phony bank account. The only thing that prevented this from happening was the AI and ML detection tools that were in place to detect potential fraud.