Defending Against Business Email Compromise

Uploaded on 2024-07-18 in TECHNOLOGY--Resilience, FREE TO VIEW

Cybercriminals have targeted email as a lucrative threat vector for years. Many of us can recall the early days of spam and virus attacks, followed by mass phishing emails containing malware. Fast forward to today, and we’re in the thick of the business email compromise (BEC) era.  

Sophisticated BEC attacks - including credential phishing, impersonation, and invoice fraud - are on the rise. According to the FBI's IC3 report, BEC continues to be a billion dollar problem. In Europe specifically, the situation is worsening, with a staggering 123.8% rise in BEC attacks from April 2023 to April 2024. This surge indicates an upward trend in relentless email threats, likely driven by a variety of factors. 

Uncovering The Forces Driving Email Threats

One of the hallmarks of BEC attacks is the use of social engineering, where attackers use detailed information about their victims to write convincing emails. Sometimes, these emails involve impersonation of a trusted executive within the victim’s company - like impersonating the finance department to request an urgent payment for an overdue bill. Other times, they impersonate third parties like charities to exploit international crises and world events, such as the conflicts between Russia and Ukraine and Israel and Palestine. 

Vendor email compromise is also on the rise, where attackers impersonate a trusted supplier to conduct invoice scams. The growing adoption of the Single Euro Payments Area (SEPA), intended to streamline cross-border Euro payments, has inadvertently provided fertile ground for these attacks, where standardised transaction formats make it easier for attackers to create convincing fake invoices. 

SEPA's ability to facilitate faster and cheaper cross-border transactions increases the volume of transactions, offering more opportunities for invoice fraud. 

The recent surge in BEC attacks over the last year is also likely accelerated by adversaries exploiting generative AI (GenAI). GenAI has significantly lowered the barrier to launch social engineering attacks – thanks to tools like ChatGPT, threat actors can now quickly and easily craft highly sophisticated and targeted emails, without the typos and grammatical errors that used to be synonymous with BEC and phishing emails. 
 
With the average user already receiving over 120 emails per day, identifying malicious emails was already a challenge, and it’s even more so now that  attacks are increasingly appearing as authentic. 

The Challenge In Detecting BEC Attacks

Secure email gateways (SEGs) have traditionally been the standard for preventing email attacks. And while these solutions worked well several years ago when classic phishing emails were mainstream, they have struggled to keep up in the age of social engineering. This is because they rely on detecting known indicators of compromise, like known malicious links and blacklisted IP addresses. But threat actors have learned how to bypass these tools. By sending text-based social engineering attacks that target human behaviour rather than using malicious payloads, they can become invisible to conventional SEG detection methods.

Companies that are still relying on traditional tools geared for malicious attachments and links are leaving their employees vulnerable to the growing wave of sophisticated BEC attacks. There is an urgent need to rethink email defences around the more subtle signs of social engineering.

Embracing AI For Next-Generation Cyber Defence 

As attackers continue to evolve their tactics, it’s crucial to educate employees on the methods that cyber criminals use to deceive targets – understanding how to spot suspicious links, urgent requests for payment, and spoofed email addresses will be key. However, with email attacks becoming more advanced and getting even harder to distinguish from legitimate email, security awareness training can only go so far. The most effective defence is to prevent these attacks from reaching employees in the first place. 

AI-powered solutions are a powerful advantage here. Using machine learning and AI, security teams can establish a baseline of normal user behaviour within the email environment – based on characteristics like users’ common text patterns, tone, content, and log in or device activity – to detect deviations indicating suspicious activity. Leveraging defensive AI enables organisations to thwart even the most sophisticated phishing and social engineering attacks that slip past human and SEG detection, ensuring that threats are neutralised before they reach the end users. 

As the sophistication and frequency of phishing attacks continue to rise, driven by advances in GenAI and geopolitical factors, organisations must move beyond traditional security measures to detect and block suspicious activities before they reach employees. 

Companies must continue to exercise vigilance while also adopting modern proactive measures, including advanced AI-driven solutions, to safeguard sensitive information and maintain operational integrity in the face of evolving cyber threats.

Mike Britton is CISO at Abnormal

Image: Unsplash

You Might Also Read: 

What Is Email Spoofing & How to Protect Your Organization:

DIRECTORY OF SUPPLIERS - Email Security:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Large-Scale IT Outage Causing International Disruption
MediSecure Hack - Half The Australian Population Affected »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

ESTsecurity

ESTsecurity

ESTsecurity is a leading company in cyber security providing intelligent security solutions to make world more secure.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including Advanced Technologies, Health, Learning and IT & Cyber Solutions.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

Integris

Integris

Integris offers best-in-class services like dedicated vCIOs, specialized security and compliance advisory services, a 24/7 help desk, and more.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.

Operant Networks

Operant Networks

Operant Networks mission is to provide Operational Technology (OT) teams with solutions that simplify their increasingly complex worlds.

Burges Salmon

Burges Salmon

Burges Salmon is an independent UK law firm with a clear purpose to deliver the highest quality service and best experience, for our people and for you.