Defending Against Business Email Compromise

Uploaded on 2024-07-18 in TECHNOLOGY--Resilience, FREE TO VIEW

Cybercriminals have targeted email as a lucrative threat vector for years. Many of us can recall the early days of spam and virus attacks, followed by mass phishing emails containing malware. Fast forward to today, and we’re in the thick of the business email compromise (BEC) era.  

Sophisticated BEC attacks - including credential phishing, impersonation, and invoice fraud - are on the rise. According to the FBI's IC3 report, BEC continues to be a billion dollar problem. In Europe specifically, the situation is worsening, with a staggering 123.8% rise in BEC attacks from April 2023 to April 2024. This surge indicates an upward trend in relentless email threats, likely driven by a variety of factors. 

Uncovering The Forces Driving Email Threats

One of the hallmarks of BEC attacks is the use of social engineering, where attackers use detailed information about their victims to write convincing emails. Sometimes, these emails involve impersonation of a trusted executive within the victim’s company - like impersonating the finance department to request an urgent payment for an overdue bill. Other times, they impersonate third parties like charities to exploit international crises and world events, such as the conflicts between Russia and Ukraine and Israel and Palestine. 

Vendor email compromise is also on the rise, where attackers impersonate a trusted supplier to conduct invoice scams. The growing adoption of the Single Euro Payments Area (SEPA), intended to streamline cross-border Euro payments, has inadvertently provided fertile ground for these attacks, where standardised transaction formats make it easier for attackers to create convincing fake invoices. 

SEPA's ability to facilitate faster and cheaper cross-border transactions increases the volume of transactions, offering more opportunities for invoice fraud. 

The recent surge in BEC attacks over the last year is also likely accelerated by adversaries exploiting generative AI (GenAI). GenAI has significantly lowered the barrier to launch social engineering attacks – thanks to tools like ChatGPT, threat actors can now quickly and easily craft highly sophisticated and targeted emails, without the typos and grammatical errors that used to be synonymous with BEC and phishing emails. 
 
With the average user already receiving over 120 emails per day, identifying malicious emails was already a challenge, and it’s even more so now that  attacks are increasingly appearing as authentic. 

The Challenge In Detecting BEC Attacks

Secure email gateways (SEGs) have traditionally been the standard for preventing email attacks. And while these solutions worked well several years ago when classic phishing emails were mainstream, they have struggled to keep up in the age of social engineering. This is because they rely on detecting known indicators of compromise, like known malicious links and blacklisted IP addresses. But threat actors have learned how to bypass these tools. By sending text-based social engineering attacks that target human behaviour rather than using malicious payloads, they can become invisible to conventional SEG detection methods.

Companies that are still relying on traditional tools geared for malicious attachments and links are leaving their employees vulnerable to the growing wave of sophisticated BEC attacks. There is an urgent need to rethink email defences around the more subtle signs of social engineering.

Embracing AI For Next-Generation Cyber Defence 

As attackers continue to evolve their tactics, it’s crucial to educate employees on the methods that cyber criminals use to deceive targets – understanding how to spot suspicious links, urgent requests for payment, and spoofed email addresses will be key. However, with email attacks becoming more advanced and getting even harder to distinguish from legitimate email, security awareness training can only go so far. The most effective defence is to prevent these attacks from reaching employees in the first place. 

AI-powered solutions are a powerful advantage here. Using machine learning and AI, security teams can establish a baseline of normal user behaviour within the email environment – based on characteristics like users’ common text patterns, tone, content, and log in or device activity – to detect deviations indicating suspicious activity. Leveraging defensive AI enables organisations to thwart even the most sophisticated phishing and social engineering attacks that slip past human and SEG detection, ensuring that threats are neutralised before they reach the end users. 

As the sophistication and frequency of phishing attacks continue to rise, driven by advances in GenAI and geopolitical factors, organisations must move beyond traditional security measures to detect and block suspicious activities before they reach employees. 

Companies must continue to exercise vigilance while also adopting modern proactive measures, including advanced AI-driven solutions, to safeguard sensitive information and maintain operational integrity in the face of evolving cyber threats.

Mike Britton is CISO at Abnormal

Image: Unsplash

You Might Also Read: 

What Is Email Spoofing & How to Protect Your Organization:

DIRECTORY OF SUPPLIERS - Email Security:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Large-Scale IT Outage Causing International Disruption
MediSecure Hack - Half The Australian Population Affected »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

e360

e360

e360 (formerly Entisys360) is an award-winning IT consultancy specializing in advanced IT infrastructure, virtualization, security, automation and cloud first solutions.

Ridge Global

Ridge Global

Ridge Global works with C-suite executives and corporate directors to build more resilient organizations through innovative preparedness, protection, response and education capabilities.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Tenet3

Tenet3

Tenet3's vision is to make optimal cyber strategy development tractable, data driven, with concrete success metrics. The result is cost effective cyber resilience for our customers.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.

Proton

Proton

Proton provides free encrypted email, calendar, drive, password manager, and VPN services. Building a better Internet.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.