Defending Against Business Email Compromise

Uploaded on 2024-07-18 in TECHNOLOGY--Resilience, FREE TO VIEW

Cybercriminals have targeted email as a lucrative threat vector for years. Many of us can recall the early days of spam and virus attacks, followed by mass phishing emails containing malware. Fast forward to today, and we’re in the thick of the business email compromise (BEC) era.  

Sophisticated BEC attacks - including credential phishing, impersonation, and invoice fraud - are on the rise. According to the FBI's IC3 report, BEC continues to be a billion dollar problem. In Europe specifically, the situation is worsening, with a staggering 123.8% rise in BEC attacks from April 2023 to April 2024. This surge indicates an upward trend in relentless email threats, likely driven by a variety of factors. 

Uncovering The Forces Driving Email Threats

One of the hallmarks of BEC attacks is the use of social engineering, where attackers use detailed information about their victims to write convincing emails. Sometimes, these emails involve impersonation of a trusted executive within the victim’s company - like impersonating the finance department to request an urgent payment for an overdue bill. Other times, they impersonate third parties like charities to exploit international crises and world events, such as the conflicts between Russia and Ukraine and Israel and Palestine. 

Vendor email compromise is also on the rise, where attackers impersonate a trusted supplier to conduct invoice scams. The growing adoption of the Single Euro Payments Area (SEPA), intended to streamline cross-border Euro payments, has inadvertently provided fertile ground for these attacks, where standardised transaction formats make it easier for attackers to create convincing fake invoices. 

SEPA's ability to facilitate faster and cheaper cross-border transactions increases the volume of transactions, offering more opportunities for invoice fraud. 

The recent surge in BEC attacks over the last year is also likely accelerated by adversaries exploiting generative AI (GenAI). GenAI has significantly lowered the barrier to launch social engineering attacks – thanks to tools like ChatGPT, threat actors can now quickly and easily craft highly sophisticated and targeted emails, without the typos and grammatical errors that used to be synonymous with BEC and phishing emails. 
 
With the average user already receiving over 120 emails per day, identifying malicious emails was already a challenge, and it’s even more so now that  attacks are increasingly appearing as authentic. 

The Challenge In Detecting BEC Attacks

Secure email gateways (SEGs) have traditionally been the standard for preventing email attacks. And while these solutions worked well several years ago when classic phishing emails were mainstream, they have struggled to keep up in the age of social engineering. This is because they rely on detecting known indicators of compromise, like known malicious links and blacklisted IP addresses. But threat actors have learned how to bypass these tools. By sending text-based social engineering attacks that target human behaviour rather than using malicious payloads, they can become invisible to conventional SEG detection methods.

Companies that are still relying on traditional tools geared for malicious attachments and links are leaving their employees vulnerable to the growing wave of sophisticated BEC attacks. There is an urgent need to rethink email defences around the more subtle signs of social engineering.

Embracing AI For Next-Generation Cyber Defence 

As attackers continue to evolve their tactics, it’s crucial to educate employees on the methods that cyber criminals use to deceive targets – understanding how to spot suspicious links, urgent requests for payment, and spoofed email addresses will be key. However, with email attacks becoming more advanced and getting even harder to distinguish from legitimate email, security awareness training can only go so far. The most effective defence is to prevent these attacks from reaching employees in the first place. 

AI-powered solutions are a powerful advantage here. Using machine learning and AI, security teams can establish a baseline of normal user behaviour within the email environment – based on characteristics like users’ common text patterns, tone, content, and log in or device activity – to detect deviations indicating suspicious activity. Leveraging defensive AI enables organisations to thwart even the most sophisticated phishing and social engineering attacks that slip past human and SEG detection, ensuring that threats are neutralised before they reach the end users. 

As the sophistication and frequency of phishing attacks continue to rise, driven by advances in GenAI and geopolitical factors, organisations must move beyond traditional security measures to detect and block suspicious activities before they reach employees. 

Companies must continue to exercise vigilance while also adopting modern proactive measures, including advanced AI-driven solutions, to safeguard sensitive information and maintain operational integrity in the face of evolving cyber threats.

Mike Britton is CISO at Abnormal

Image: Unsplash

You Might Also Read: 

What Is Email Spoofing & How to Protect Your Organization:

DIRECTORY OF SUPPLIERS - Email Security:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Large-Scale IT Outage Causing International Disruption
MediSecure Hack - Half The Australian Population Affected »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

Jumio

Jumio

Jumio’s end-to-end identity verification and authentication solutions fight fraud, maintain compliance and onboard good customers faster.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Glocomms

Glocomms

Glocomms is a leading specialist recruitment agency for the tech sector, providing permanent, contract, and multi-hire recruitment from our global hubs in San Francisco, New York, London and Berlin.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Protelion

Protelion

The Protelion Security Platform is uniquely architected to deliver security solutions that combine greater protection, flexibility, and performance.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.