Check Point: how do enterprises prevent "business email compromise"?

2025-01-15 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

In an era when smart devices are highly interconnected and enterprises have adopted hybrid work, network threats reach into every aspect of enterprise operation. Organizations of every size face threats from cyber criminals. More importantly, with the adoption of remote work and the increasing migration to cloud-based SaaS applications, attacks targeting employees' corporate accounts are also increasing. Attackers can access sensitive data through compromised accounts and use that foothold to attack other employees and other organizations in the supply chain.

Attack delivery methods vary, but the most commonly used vector is email, which can carry credential-harvesting phishing campaigns. In recent years, phishing has generally grown in both scale and complexity. From a financial point of view, the most destructive form of phishing is "business email compromise" (BEC). According to Check Point Research, credential harvesting accounts for about 15% of all e-mail attacks, but it is the most economically destructive.

What is "business email compromise"?

Business email compromise (BEC) is a form of phishing in which an attacker uses a seemingly legitimate email address to trick employees into taking the action the attacker wants. The email address appears to be a real address, but it may be missing a letter, or it may come from a free e-mail account rather than the company's domain.

One of the most common BEC cases is commercial claims fraud, in which attackers pose as suppliers and submit fake claims from seemingly genuine e-mail addresses. The recipients of the e-mail (possibly accounting staff) often process the reimbursement without verifying the authenticity of the sender, causing financial loss to the enterprise.

Another form of BEC is "CEO" fraud, in which attackers pose as executives and ask employees to make wire transfers or share sensitive company data outside a secure network. Cyber criminals craft these scams carefully to convince victims. They usually use lookalike e-mail addresses and refine the wording so that the message "sounds" like the CEO. Fraudsters make urgent requests in the tone of an executive in an attempt to exploit the recipient's sense of urgency and fear.

According to the Federal Bureau of Investigation (FBI), there were more than 20,000 BEC incidents in the United States in 2022, with a total loss of $2.7 billion. That counts only reported incidents, and the actual number may be even higher.

The rise of BEC 3.0

In recent years, BEC attacks have become increasingly complex, with more than 40,000 such attacks occurring in the first two months of 2023 alone.

BEC 1.0 emerged during the COVID-19 epidemic, when criminals tried to take advantage of the new distributed work environment. Compared with those in a traditional office, remote workers are more vulnerable to phishing attacks, and remote work also creates more opportunities for impersonation. In BEC 1.0, the sender of the email pretended to be a colleague, partner, or well-known brand.

In one of the most common forms of attack, attackers pose as business managers and instruct employees to buy gift cards for manufacturers. Most of these emails are plain text, so spotting them requires either a sharp-eyed user or the help of advanced artificial intelligence (AI) and machine learning. BEC 1.0 still exists today, but the effectiveness of such attacks is diminishing as security awareness among end users grows and more email security layers are tuned to detect and block these attacks.

In BEC 2.0, the e-mail comes from a compromised account. The account may belong to the same company or to a compromised partner, and the attacker poses as a business representative to commit reimbursement fraud or to steal employee information and other sensitive data. This form is more sophisticated because it uses a legitimate partner account that has been compromised. Usually, attackers look for clues in the partner's existing emails to commit fraud, or first lurk in legitimate conversations and then hijack them when the time is right.

This year ushered in the third wave of BEC attacks. In BEC 3.0, attackers send real notifications from legitimate SaaS services and websites such as QuickBooks, Zoom, or SharePoint. On the face of it, nothing about these communications looks illegitimate or suspicious, because they are sent directly from the relevant website.

Attackers can even use a name identical or similar to the victim's to make the disguise look flawless. To carry out the attack, they add a phone number to the reimbursement material or payment information. The number points to a fake support team, and a victim who calls it may be defrauded. Check Point Research detected nearly 40,000 such attacks in the first two months of 2023.

Guard against BEC

Preventing BEC requires several measures, including the adoption of advanced technology, staff training, and the implementation of strict data and payment policies.

Security awareness

Enterprises must develop and implement a comprehensive employee training plan so that employees can quickly identify and effectively respond to BEC threats. Employees need to carefully review the emails they receive and verify their authenticity. If an email doesn't feel right, there is probably something wrong with it. By understanding the tricks used by cyber criminals, employees can minimize the risk of BEC scams.

Automatic alarm

Anti-phishing protection is an important line of defense. It uses complex artificial intelligence (AI) algorithms to understand e-mail language, context, and the relationship between sender and recipient, and compares its findings against a baseline built from email data. Artificial intelligence can detect danger signals such as mismatched sender addresses, leaked phone numbers and changes in writing style, and multiple artificial intelligence models can help identify signs of attack. In the "second quarter 2023 Forrester Wave: Enterprise Email Security" report, Check Point Harmony Email & Collaboration solutions were rated as the industry leader. The Check Point solution not only provides inline CAPES (cloud-native, API-enabled email security) deployment options (for Microsoft 365 and Google Workspace), but also provides comprehensive protection for communications and collaboration applications such as Teams, SharePoint, Slack and Dropbox.
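A rule-based check for the sender-address signals described above and in the BEC definition earlier (an address missing a letter, an executive's name on a free e-mail account, a mismatched reply address). This is an added example, not Check Point's product logic and not an AI model; the company domain, executive list, free-mail list and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the defended domain, known executives,
# and a short free-mail list. Replace with your own inventory.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(raw_message):
    """Return the list of BEC warning signs found in one message's headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    signals = []
    # A domain one or two edits away from ours ("missing a letter").
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    # An executive's display name on a free e-mail account.
    if name.strip().lower() in EXECUTIVES and domain in FREE_MAIL:
        signals.append("executive-name-on-free-mail")
    # Replies routed to a different domain than the visible sender.
    if reply_domain and reply_domain != domain:
        signals.append("reply-to-mismatch")
    return signals

# Constructed sample messages (not real traffic).
SAMPLES = {
    "lookalike": "From: Accounts <billing@exampl.com>\nSubject: Invoice\n\nPlease pay.",
    "ceo": "From: Jane Doe <jane.doe.ceo@gmail.com>\nReply-To: jd@mail.test\nSubject: Urgent wire\n\nNow.",
    "clean": "From: Jane Doe <jane.doe@example.com>\nSubject: Minutes\n\nAttached.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, bec_signals(raw))
```

These header rules address the impersonation patterns of BEC 1.0; mail sent from a compromised account or a legitimate SaaS service, as in BEC 2.0 and 3.0, passes them and needs the content and relationship analysis the paragraph above describes.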

Multiple verification

Finally, it is critical to implement strict data and payment policies, which should require multiple validations for fund transfers or data sharing. By implementing these measures, companies can improve their defenses, ensure that invoices and sensitive information reach their intended recipients, and reduce the risk of BEC attacks.
