Business Email Compromise — A bigger problem than it seems

With digitalisation, businesses are more dependent than ever on email communication for their day-to-day operations.

Image source: BOARDROOM BEST PRACTICES

Digital transformation across all industries has shifted most communication away from face-to-face meetings and phone calls to online channels, primarily email and chat. The shift has caused a massive spike in message volume, and attackers leverage that volume to slip malicious emails into the stack unnoticed.

  1. Broadcom reports an increase in phishing attacks, riddling email communication networks with cybercrime. Symantec research suggests that throughout 2020, 1 in every 4,200 emails was a phishing email.
  2. Greenhorn reports that 43% of organizations experienced a security incident in 2020, and 35% of security professionals say phishing/BEC attacks account for more than 50% of those incidents.
  3. Tessain reports that 75% of organizations worldwide experienced some kind of phishing attack in 2020. Another 35% experienced spear phishing, and 65% faced BEC attacks.
  4. Email Account Compromise (EAC) is getting significant attention. The University of Michigan warns staff of an increasing number of emails impersonating U-M deans and other employees.
  5. Globally, 94% of malware is delivered via email. An unsuspecting staff member needs to make only one wrong click to cause damage. Phishing attacks against cloud-based email platforms such as Microsoft 365 are rising as companies move to more cost-efficient cloud solutions.

Why should this concern you and your organisation? What is the impact on your business of all these threats? No enterprise is spared in this world of hackers!

What does it mean to the business?

The risk of attack and exploitation is real. Assume that an attack will come regardless of the size of your company and how well prepared you are. Businesses therefore need to understand the risk and make the appropriate investment.
A successful exploit can mean direct financial loss, as in a ransomware attack, where a ransom must be paid to retrieve stolen data. Indirect financial loss is possible even when no money changes hands with the attackers: the information they collect can be used to spam the organization’s customers, widening the attack surface.

Once news of an attack is published, it immediately triggers a loss of customers’ trust. At the same time, employees stop trusting the systems and become skeptical about performing their daily tasks and transactions. This lack of confidence impedes productivity and affects the business’s bottom line.
Sometimes the state or the customers will subject the company to legal prosecution for betraying the trust placed in it, and for the financial loss and mental stress caused by the attack.

Now that we understand the threats that are out there and how they affect everyone in the business, it is time to understand how attackers think, so that you can protect your organisation, your staff and, most importantly, your customers.

  1. Generally, an attacker begins with search and discovery on the internet for targets. With easy access to a mailing list, the attacker can send messages and wait for someone to take the bait. Sometimes the initial attack focuses on mapping the enterprise’s landscape; sometimes it means planting a trojan horse within the organization to harvest more information.
  2. There is a vast arsenal of tools available to an attacker today. With the information already collected, they prepare their approach and the point of interest to attack. The objectives usually include corporate espionage to collect valuable information and data, damage to reputation and, in extreme cases, bringing down systems to paralyze the enterprise.
  3. With the preparation done, they select the attack mode. The preferred approach is email, because it scales. It is also harder to stop, since attackers can masquerade their intent in well-written mail that an untrained or unsuspecting victim finds hard to recognize.
  4. Sometimes the exploit is not executed immediately. It can be triggered by detected patterns, such as waiting to attach itself to a privileged message or activity; riding on legitimate activity raises its chance of success because it is less likely to be blocked. An attack can also be scheduled around the business cycle, timed to the type of information of interest. The aim might be to capture financial information, which is usually shared on a reporting or settlement cycle, when large amounts of data are emailed widely to roll up figures from different departments and geographies. That volume of information is a financial gain for the attacker, who can exploit it outside the enterprise, for example by selling it to competitors or manipulating the stock market.
  5. Whether an exploit lands and installs within the organization depends on how stealthy the approach is. The organization therefore has to rely on the proficiency and comprehensiveness of the protection it has adopted. IBM has studied the cost of a breach and found that it goes beyond the amount of data lost or disclosed and depends on the time it takes to find the breach. On average, companies take about 197 days to identify and 69 days to contain a breach. That gap is long, and the amount of information lost in that time is unimaginable.
  6. The sophistication of the tools used, coupled with how deeply entrenched the attackers’ access is, determines how much command and control they have over their victim. They can start and stop at will and move around the organization to avoid being identified.
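Steps 3 and 4 above describe the attacker's reliance on well-crafted impersonation mail that an unsuspecting recipient cannot tell from the real thing. The following is an added example, not code from the original post, of a defensive triage check a mail team can run over inbound messages: it flags a message whose display name matches a protected executive but which arrives from outside the corporate domain, redirects replies elsewhere, or claims the internal domain while failing SPF/DKIM. The company domain, the protected-name list and the three sample messages are all constructed for this example and are not real addresses.

```python
"""Display-name impersonation triage for inbound mail (added example).

Three simple BEC indicators, evaluated per message with the standard
library only:
  1. a protected display name used from a non-corporate sender domain,
  2. a Reply-To domain that differs from the From domain,
  3. a From address on the corporate domain whose Authentication-Results
     header records spf=fail or dkim=fail.
COMPANY_DOMAIN, PROTECTED_NAMES and SAMPLES are constructed for this
example; they are not taken from any real organisation.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumed corporate domain (constructed)
# Constructed list of people whose names are most likely to be impersonated.
PROTECTED_NAMES = {"alice finch", "dean robert hale"}


def _normalise(name: str) -> str:
    """Lower-case and collapse whitespace so 'Alice  FINCH' matches 'alice finch'."""
    return " ".join(name.lower().split())


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse_message(raw: bytes) -> dict:
    """Parse one RFC 5322 message and return the BEC indicators it triggers."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_domain, reply_domain = _domain(from_addr), _domain(reply_addr)
    auth = str(msg.get("Authentication-Results", "")).lower()

    findings = []
    # Indicator 1: protected name shown to the user, but the sender is external.
    if _normalise(from_name) in PROTECTED_NAMES and from_domain != COMPANY_DOMAIN:
        findings.append("display-name impersonation from external domain")
    # Indicator 2: replies silently go to a different domain than the sender's.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to domain differs from from domain")
    # Indicator 3: looks internal, but the receiving MTA recorded an auth failure.
    if from_domain == COMPANY_DOMAIN and ("spf=fail" in auth or "dkim=fail" in auth):
        findings.append("claims internal domain but authentication failed")

    return {
        "subject": str(msg.get("Subject", "")),
        "from": from_addr,
        "reply_to": reply_addr,
        "suspicious": bool(findings),
        "findings": findings,
    }


# Constructed sample messages: one legitimate, one lookalike domain, one spoof.
SAMPLES = {
    "legit": (
        b"From: Alice Finch <alice.finch@example.com>\r\n"
        b"To: bob@example.com\r\nSubject: Q3 numbers\r\n"
        b"Authentication-Results: mx.example.com; spf=pass; dkim=pass\r\n"
        b"\r\nAttached as discussed.\r\n"
    ),
    "lookalike": (
        b"From: Alice Finch <alice.finch@examp1e-mail.com>\r\n"
        b"To: bob@example.com\r\nSubject: Urgent wire transfer\r\n"
        b"\r\nPlease process today.\r\n"
    ),
    "spoofed": (
        b"From: Dean Robert Hale <dean.hale@example.com>\r\n"
        b"Reply-To: dean.hale@webmail-free.net\r\n"
        b"To: staff@example.com\r\nSubject: Gift cards\r\n"
        b"Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none\r\n"
        b"\r\nAre you available right now?\r\n"
    ),
}


def triage(samples: dict) -> dict:
    """Run analyse_message over a batch and return {label: result}."""
    return {label: analyse_message(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, result in triage(SAMPLES).items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{label:10s} {flag:10s} {result['subject']!r} {result['findings']}")
```

The third indicator depends on the receiving mail server writing an Authentication-Results header; if yours does not, drop that check rather than trusting the From domain on its own. These heuristics are a triage aid for the awareness program the post calls for, not a replacement for enforcing SPF, DKIM and DMARC at the gateway.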

The time to act is now: work with business owners to understand the impact, and start putting a plan in place to raise awareness within the organization of the email hygiene that directly protects it.

Everything about Change & Digital

Keen to drive growth and strategy, create new value or renewal by transforming an organization’s traditional analog business into digital with intelligent tools