Defending Against Business Email Compromise

Uploaded on 2024-07-18 in TECHNOLOGY--Resilience, FREE TO VIEW

Cybercriminals have targeted email as a lucrative threat vector for years. Many of us can recall the early days of spam and virus attacks, followed by mass phishing emails containing malware. Fast forward to today, and we’re in the thick of the business email compromise (BEC) era.  

Sophisticated BEC attacks - including credential phishing, impersonation, and invoice fraud - are on the rise. According to the FBI's IC3 report, BEC continues to be a billion dollar problem. In Europe specifically, the situation is worsening, with a staggering 123.8% rise in BEC attacks from April 2023 to April 2024. This surge indicates an upward trend in relentless email threats, likely driven by a variety of factors. 

Uncovering The Forces Driving Email Threats

One of the hallmarks of BEC attacks is the use of social engineering, where attackers use detailed information about their victims to write convincing emails. Sometimes, these emails involve impersonation of a trusted executive within the victim’s company - like impersonating the finance department to request an urgent payment for an overdue bill. Other times, they impersonate third parties like charities to exploit international crises and world events, such as the conflicts between Russia and Ukraine and Israel and Palestine. 

Vendor email compromise is also on the rise, where attackers impersonate a trusted supplier to conduct invoice scams. The growing adoption of the Single Euro Payments Area (SEPA), intended to streamline cross-border Euro payments, has inadvertently provided fertile ground for these attacks, where standardised transaction formats make it easier for attackers to create convincing fake invoices. 

SEPA's ability to facilitate faster and cheaper cross-border transactions increases the volume of transactions, offering more opportunities for invoice fraud. 

The recent surge in BEC attacks over the last year is also likely accelerated by adversaries exploiting generative AI (GenAI). GenAI has significantly lowered the barrier to launch social engineering attacks – thanks to tools like ChatGPT, threat actors can now quickly and easily craft highly sophisticated and targeted emails, without the typos and grammatical errors that used to be synonymous with BEC and phishing emails. 
 
With the average user already receiving over 120 emails per day, identifying malicious emails was already a challenge, and it’s even more so now that  attacks are increasingly appearing as authentic. 

The Challenge In Detecting BEC Attacks

Secure email gateways (SEGs) have traditionally been the standard for preventing email attacks. And while these solutions worked well several years ago when classic phishing emails were mainstream, they have struggled to keep up in the age of social engineering. This is because they rely on detecting known indicators of compromise, like known malicious links and blacklisted IP addresses. But threat actors have learned how to bypass these tools. By sending text-based social engineering attacks that target human behaviour rather than using malicious payloads, they can become invisible to conventional SEG detection methods.

Companies that are still relying on traditional tools geared for malicious attachments and links are leaving their employees vulnerable to the growing wave of sophisticated BEC attacks. There is an urgent need to rethink email defences around the more subtle signs of social engineering.

Embracing AI For Next-Generation Cyber Defence 

As attackers continue to evolve their tactics, it’s crucial to educate employees on the methods that cyber criminals use to deceive targets – understanding how to spot suspicious links, urgent requests for payment, and spoofed email addresses will be key. However, with email attacks becoming more advanced and getting even harder to distinguish from legitimate email, security awareness training can only go so far. The most effective defence is to prevent these attacks from reaching employees in the first place. 

AI-powered solutions are a powerful advantage here. Using machine learning and AI, security teams can establish a baseline of normal user behaviour within the email environment – based on characteristics like users’ common text patterns, tone, content, and log in or device activity – to detect deviations indicating suspicious activity. Leveraging defensive AI enables organisations to thwart even the most sophisticated phishing and social engineering attacks that slip past human and SEG detection, ensuring that threats are neutralised before they reach the end users. 

As the sophistication and frequency of phishing attacks continue to rise, driven by advances in GenAI and geopolitical factors, organisations must move beyond traditional security measures to detect and block suspicious activities before they reach employees. 

Companies must continue to exercise vigilance while also adopting modern proactive measures, including advanced AI-driven solutions, to safeguard sensitive information and maintain operational integrity in the face of evolving cyber threats.

Mike Britton is CISO at Abnormal

Image: Unsplash

You Might Also Read: 

What Is Email Spoofing & How to Protect Your Organization:

DIRECTORY OF SUPPLIERS - Email Security:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Large-Scale IT Outage Causing International Disruption
MediSecure Hack - Half The Australian Population Affected »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

City Security Magazine

City Security Magazine

City Security magazine helps promote best security practices and keep businesses informed on a wide variety of security-related issues.

Original Software

Original Software

Original Software offers a test automation solution focused completely on the goal of effective software quality management.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

O'Reilly Media

O'Reilly Media

O’Reilly’s help professionals learn best practices and discover emerging trends that will shape the future of the tech industry.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.

DeviQA

DeviQA

DeviQA provide best-in-class quality assurance services to companies of all sizes.

ioSENTRIX

ioSENTRIX

ioSENTRIX offers tailored, risk-focused assessments that reduce true business risk.

Aryon Security

Aryon Security

Aryon Security is redefining cloud security with the ability to enforce cloud strategy with confidence, enabling organizations to prevent risks before they emerge.