I just came across this post by Alastair Paterson of Security Week highlighting that attackers are monetizing non-traditional methods to compromise business accounts (BEC and EAC). Alastair points at three alternative methods that are being successfully put to work:
- Using email credentials purchased from criminal forums,
- Re-trying the credentials of already compromised accounts, and
- Searching across misconfigured archives and file-stores to find credentials.
12.5 Million Email Archives Exposed: Lowering the Barriers for BEC (OCTOBER 18, 2018)
Note: This doesn’t undermine the magnitude of the threat posed by phishing attacks. As per F5’s analysis of breaches reported between April and August 2018, in 86% of the cases in which PII was compromised, the initial attack vector was phishing.
What’s of interest – and it should interest you too – are the security measures that Alastair lists in his blog post.
7 Security measures against Business Email Compromise
- Integrate BEC scenarios into your security awareness training
- Build BEC into your incident reporting and business continuity planning
- Work with your vendors to build in manual controls and multi-person authorization when approving significant wire-transfers.
- Monitor for exposed credentials, and implement two-factor authentication across your organization.
- Conduct digital footprint analysis for your executives.
- Ensure the security of your email archives. Keep them private.
- Be aware of the risk of using Network Attached Storage (NAS) devices for email backup.
What is Business Email Compromise (BEC)?
BEC, also known as CEO fraud, is a cyber-heist tactic that targets company employees with access to company finances. The scammers trick the employees into making wire transfers to bank accounts believed to belong to trusted partners, such as clients and vendors. To the employees it appears that they are conducting a regular business transaction; however, the money ends up in accounts controlled by the criminals.
Be sure to check our blog post on Business Email Compromise and how it works.