
June 1, 2024
Abnormal

CISO Guide to Business Email Compromise

How to Stop the $2.7 Billion Problem

By Dr. Eric Cole
Founder and CEO, Secure Anchor


The Rising Threat of Business Email Compromise

Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $2.7 billion lost in 2022 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner—in an effort to steal money or valuable information. Because these emails rarely contain malicious links or attachments, standard email security tools have difficulty detecting them, leaving organizations wide open to attack.

A full 25% of the $10.9 billion in losses reported to the FBI Internet Crime Center (IC3) in 2022 was attributable directly to BEC. Over the past five years, losses from BEC attacks have more than doubled, growing by a staggering 111% between 2018 and 2022. And in the eight years since the FBI IC3 began reporting on business email compromise, total losses have risen by more than 10x.

Unfortunately, secure email gateways and other traditional security measures are unable to protect against these novel, never-before-seen attacks. Once they arrive in inboxes, your employees open and respond to them, putting your organization at risk of financial and reputational damage. Without a new approach, BEC will only continue to grow, and organizations worldwide will continue to suffer the consequences.

Business email compromise accounts for 25% of all losses due to cybercrime. (Source: Abnormal Security Research)

Types of BEC Attacks

BEC attacks can take on many forms, but they all rely on trusted relationships to complete their schemes. Here are a few ways attackers leverage social engineering to steal money and data from organizations.

Wire Transfer Requests

An attacker typically impersonates a well-known executive within the organization, oftentimes the CEO or CFO, and requests that an important wire transfer be completed immediately. The urgency of these requests often means that employees do not check the legitimacy of the email and complete the request, sending thousands of dollars to an account owned by the attacker.

Payroll Diversion

In these emails, the attacker impersonates someone at your company and emails a finance or HR employee to ask them to switch their payroll information to an account owned by the attacker. Oftentimes, the person being impersonated does not even realize that their payroll has been diverted until their paycheck does not appear in their account at the end of the month.

Invoice Fraud

The target receives a fraudulent invoice from a known vendor in which the attacker changes the bank details to an account in their control. In some cases, this occurs when a vendor account has been compromised, but it can also be done through display name deception in hopes that the victim will not examine the email too closely.

Gift Card Requests

Especially prevalent around the holidays, these attacks are similar to wire transfer requests but threat actors instead ask employees to buy gift cards for an employee or customer appreciation event. After making the purchase, the attacker asks the victim to send the gift card numbers to them.

It’s worth noting that business email compromise attacks can take many forms and often do. These attacks can be part of larger credential phishing or account takeover schemes and can have dire consequences for both employees and their organizations.

Impact of BEC Attacks

The IC3 Internet Crime Report reports that there were 21,832 victims of business email compromise attacks in 2022, costing organizations an average of more than $125,000 per attack. Making matters worse is the fact that this number only includes successful attacks where victims are conned into sending money.

According to research from Abnormal Security, BEC attack volume increased by 175% between 2021 and 2022. While most employees may be able to spot a BEC attack and react appropriately—either by checking the sender’s email address or by verifying with the requester via an alternative method before sending money—this isn’t always the case.

175%: increase in BEC attack volume between 2021 and 2022.
28%: median open rate for text-based BEC attacks.
15%: percentage of BEC attacks that are read and replied to.

Abnormal found that the median open rate for text-based business email compromise attacks is nearly 28%. And of the malicious emails that were read, an average of 15% were replied to. Unfortunately, it only takes one successful BEC attack to lose millions.

Even if employees are trained on how to detect an attack and respond appropriately, cybercriminals are constantly revising their schemes. Threat actors are committed to staying ahead of changes in technology and training—and their efforts are often successful.

[Figure: Losses from BEC Attacks Continue to Grow. Source: 2022 FBI IC3 report, March 2023.]

Why BEC Attacks Are Successful

To stop business email compromise, there must be a fundamentally different approach to the problem. The standard approach of implementing a secure email gateway no longer works, particularly because of the way BEC attacks are conducted.

Secure email gateways (SEGs) flag emails based on known indicators of compromise. Since BEC attacks are text-based and generally lack malicious URLs or suspicious attachments, they bypass SEGs to land in user inboxes.

Threat actors leverage social engineering to trick employees, usually impersonating a trusted colleague or vendor, or even a well-known brand. These impersonation attacks slip by traditional email security layers since they look inconspicuous on the surface.

If you look at a real-world example of an attack that bypassed the SEG, you can see why traditional defenses fail.

When these attacks land in inboxes, they rely on name recognition and urgency of the request. By encouraging their victims to move quickly, they successfully trick people into making mistakes. And based on the number of successful attacks, more people fall for it each year—despite an increase in security awareness training.

Because BEC attacks typically contain no traditional indicators of attack, it’s only by understanding the context and intent that we can determine if an email is malicious.

There is little denying that these attacks are incredibly difficult to detect, by both traditional defenses and humans. As BEC grows in severity, it’s increasingly obvious that these attacks must be stopped before they can trick your employees.

[Figure: a real-world text-based BEC email that bypassed the SEG, with the following annotations.]

Suspicious Domain?
No. This email is using Gmail—a legitimate domain that millions of people use every day.

Malicious Links?
No. This is a purely text-based email with no links.

Corrupt Attachments?
No. This email doesn’t have any attachments to scan.

How to Stop BEC Attacks

To counter these highly sophisticated attacks, large enterprise organizations need the right security platform. The next generation of email security includes:

API Architecture

A solution that connects to Microsoft 365 and Google Workspace via an API and in doing so, provides access to the signals and data needed to detect suspicious activity. This includes unusual geolocations, dangerous IP addresses, changes in mail filter rules, unusual device logins, and more.

Behavioral Data Science Approach

The solution should use a fundamentally different approach that leverages behavioral data science to profile and baseline good behavior and detect anomalies. It should use identity modeling, behavioral and relationship graphs, and deep content analysis to identify and stop emails that include suspicious information or requests.

Organizational and Supply Chain Insights

A solution that understands both formal and informal organizational hierarchy and maps internal and cross-organizational relationships to understand typical communication patterns and behavior. It should include a focus on vendor relationships to protect against business email compromise, account takeovers, and other types of fraud throughout the supply chain.

Without each of these capabilities, BEC will continue to outpace security measures—making it even more difficult to prevent these attacks from reaching employees, creating financial loss, and causing reputational damage.
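The annotated example above shows why indicator-based checks (domain reputation, link scanning, attachment sandboxing) all return "nothing found" on a text-only impersonation email, and the three capabilities just listed describe what has to replace them: a sender identity check, a baseline of who normally talks to whom, and analysis of what the message is asking for. The following script is an added illustration of that approach written for this guide; it is not Abnormal's detection engine or any code from the original page. The organization domain, the directory of impersonated names, the sender/recipient baseline, the vendor bank baseline and all five sample messages are constructed for the example, and the score weights and thresholds are arbitrary choices.

```python
"""Toy BEC risk scorer combining identity, relationship-baseline and intent signals.

Added example for this guide, not vendor code. Every directory, baseline and
message below is constructed; weights and thresholds are illustrative only.
"""
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the protected organization's domain

# Constructed directory: display names attackers like to borrow, with the real address.
PROTECTED_NAMES = {"jane doe": "jane.doe@example.com", "sam lee": "sam.lee@example.com"}

# Constructed relationship baseline: addresses each mailbox has corresponded with before.
KNOWN_SENDERS = {
    "ap@example.com": {"billing@vendor-corp.example", "jane.doe@example.com"},
}

# Constructed vendor baseline: bank account last seen on each vendor's genuine invoices.
VENDOR_BANK = {"billing@vendor-corp.example": "DE89370400440532013000"}

# Intent cues drawn from the attack types in this guide (wire, payroll, invoice, gift card).
INTENT = {
    "wire_transfer": r"\b(wire transfer|wire the funds|send (?:the )?funds)\b",
    "bank_change": r"\b(new bank(?: account)?|update[d]? (?:our |your |the )?bank|"
                   r"bank (?:account|details?) (?:has|have) changed|direct deposit)\b",
    "gift_card": r"\bgift cards?\b",
    "urgency": r"\b(urgent|asap|immediately|right away|before end of day)\b",
}
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def score_message(msg):
    """Return (score 0-100, reasons) for a dict with 'from', 'to', 'subject', 'body'."""
    name, addr = parseaddr(msg["from"])
    addr = addr.lower()
    recipient = msg["to"].lower()
    text = f"{msg['subject']}\n{msg['body']}".lower()
    score, reasons = 0, []

    # 1. Display-name deception: a known person's name on an address that is not theirs.
    expected = PROTECTED_NAMES.get(name.strip().lower())
    if expected and addr != expected:
        score += 40
        reasons.append(f"display name '{name}' matches a known person but address is {addr}")

    # 2. Relationship baseline: has this recipient ever heard from this sender?
    first_contact = addr not in KNOWN_SENDERS.get(recipient, set())
    if first_contact:
        reasons.append("first message from this sender to this recipient")

    # 3. Intent: financial request language plus urgency cues.
    intents = [k for k, pat in INTENT.items() if re.search(pat, text)]
    financial = [k for k in intents if k != "urgency"]
    if financial:
        score += 25
        reasons.append("financial request: " + ", ".join(financial))
    if "urgency" in intents:
        score += 10
        reasons.append("urgency language")
    if financial and first_contact:
        score += 20  # the combination, not either signal alone, is the BEC pattern
        reasons.append("financial request from a never-seen sender")

    # 4. Invoice fraud: a known vendor whose bank account no longer matches the baseline.
    iban = IBAN_RE.search(msg["body"])
    if addr in VENDOR_BANK and iban and iban.group(0) != VENDOR_BANK[addr]:
        score += 40
        reasons.append("bank account differs from this vendor's baseline")

    return min(score, 100), reasons


def verdict(score):
    """Map a score to an action; thresholds are illustrative."""
    return "block" if score >= 50 else "review" if score >= 25 else "allow"


# Constructed sample messages, one per attack type plus two benign controls.
SAMPLES = [
    ("ceo_wire", {"from": "Jane Doe <jane.doe.ceo@gmail.com>", "to": "ap@example.com",
                  "subject": "Urgent wire transfer",
                  "body": "I need you to process a wire transfer of $48,000 right away. "
                          "I'm in a meeting and can't take calls."}),
    ("payroll", {"from": "Sam Lee <sam.lee@example-hr.net>", "to": "payroll@example.com",
                 "subject": "Direct deposit update",
                 "body": "Hi, I switched banks. Can you update my direct deposit to my "
                         "new bank account? Thanks, Sam"}),
    ("invoice_fraud", {"from": "Vendor Corp Billing <billing@vendor-corp.example>",
                       "to": "ap@example.com", "subject": "Updated remittance details",
                       "body": "Please note our bank account has changed. Remit invoice "
                               "1043 to IBAN GB29NWBK60161331926819."}),
    ("invoice_ok", {"from": "Vendor Corp Billing <billing@vendor-corp.example>",
                    "to": "ap@example.com", "subject": "Invoice 1042",
                    "body": "Invoice 1042 attached, due in 30 days. IBAN DE89370400440532013000."}),
    ("exec_ok", {"from": "Jane Doe <jane.doe@example.com>", "to": "ap@example.com",
                 "subject": "Q2 report", "body": "Can you send me the Q2 spend report?"}),
]


def triage(samples=SAMPLES):
    """Score every sample and return {label: (score, verdict)}."""
    return {label: (score_message(m)[0], verdict(score_message(m)[0])) for label, m in samples}


if __name__ == "__main__":
    for label, (score, action) in triage().items():
        print(f"{label:14} score={score:3}  {action}")
        for reason in score_message(dict(SAMPLES)[label])[1]:
            print(f"{'':14} - {reason}")
```

The point of the example is in step 3 and the "combination" bonus: none of the four sample attacks carries a suspicious domain, link or attachment, so a gateway rule set sees nothing, but a request to move money from a sender this mailbox has never corresponded with, or from a vendor whose bank account suddenly differs from every prior invoice, is exactly the deviation from known-good behavior the guide describes. A production system replaces the hand-written dictionaries with baselines learned from the mailbox API data (historical correspondents, login geography, mail-rule changes) and tunes the weights against real traffic.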

Conclusion

By exploiting the relationships that people have established with their executives, coworkers, and partners, business email compromise attacks dupe both traditional email security tools and the humans they target. Stopping BEC requires implementing a solution that can detect and interpret the thousands of signals available via an API, and then monitor them for key deviations from known-good behavior. It’s only by stopping these attacks from reaching inboxes that we can truly ensure that our organizations will stay protected.


Dr. Eric Cole

A world-renowned cybersecurity expert with more than 30 years of network security experience, Dr. Eric Cole is a distinguished security researcher and keynote speaker who helps organizations curtail the risk of cyber threats.

He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker. While he started his career on the offense, he is now fully dedicated to understanding the adversary so he can provide cost-effective solutions that actually work.

As a pioneer in the area of cybersecurity, he has been inducted into the Infosec Hall of Fame, awarded the Cyber Wingman Award from the US Air Force, received multiple commendations from the CIA, and was part of the commission on cybersecurity for President Obama. He has been the featured speaker at many security events and also has been interviewed by several chief media outlets such as CNN, CBS News, FOX News, and 60 Minutes.

Abnormal Security provides the leading behavioral AI-based security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine understands identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails in milliseconds—all while providing visibility into configuration drifts across your environment.

You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly.

More information is available at abnormalsecurity.com


Interested in Stopping BEC?

Request a Demo: abnormalsecurity.com
Follow Us on Twitter: @abnormalsec

© 2023 Abnormal Security Corporation. All rights reserved. v1.1/Apr. 2023
