Cyber Insiders-v8-web - Flipbook - Page 22
5 TOP BUSINESS EMAIL COMPROMISE ATTACKER STRATEGIES
Mailbox access strategy
To gain entry to the target's email system, the threat actor attempts to compromise a legitimate internal email account. Once this access is acquired it's easy for the attacker to sift through existing email threads to scope the information needed to initiate the fraud. Attackers can purchase the capabilities needed to carry out this form of attack from the wider cybercriminal eco-system, including phishing and remote access tools with Endpoint Detection and Response (EDR) bypass.

Attorney impersonation strategy
In this approach threat actors gain unauthorised access to an email account at a law firm. They will then email the firm's clients a fraudulent invoice or link to make a payment online. The access to the firm's database means the attacker can use this technique against several targets.

C-suite impersonation strategy
Threat actors either spoof or hack into a CEO or executive's email account in order to research their target and determine how best to trick employees into making a purchase or sending money via wire transfer to an account controlled by the attacker. Threat actors deploy per-target capabilities that mimic the target's email systems to increase their chance of success.
False invoice strategy
In this scam the attacker impersonates a legitimate vendor that the target organisation works with. They will email the vendor a fake bill that closely resembles a real one. They may provide an account number that is very similar to the real one, or ask that the funds be transferred to a different bank, at the same time providing some plausible excuse for the change, e.g. their bank is being audited.

Payroll redirection strategy
Threat actors target employees without deploying any capabilities; they simply use a free public email service to request that the employee update their banking account and sort code.

Defensive strategies against BEC
To defend against BEC, you must first assess the strength of the relevant finance, payroll, or human resources business processes. Many of these processes will be either dependent on emails or place reliance on the integrity of a third party's email system. Therefore, you should ensure that technical controls with the target policy configuration are mandatory for supplier management.

Ensure technical anti-phishing controls that are effective against BEC strategies are enabled across all your systems. Administrators can also strengthen security by enabling MFA across your entire organisation and making it mandatory for all employees. While MFA won't stop all BEC strategies, it can alert your team to any suspicious access with authentication or multiple attempts.

We recommend that you switch from emailed invoices to a secure system specifically designed to authenticate payments. In addition, you should train your employees to recognise the hallmarks of fraudulent payment requests and suspicious emails. Provide your staff with a way to escalate any concerns to your security team for review.
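As an added example (not from the magazine or any vendor product), the Python script below triages one inbound message against the indicators the strategies above describe: an executive's display name arriving from a mailbox that is not theirs, a sender on a free public email service, a lookalike sender domain, a Reply-To that differs from the From domain, and a request to change bank or payment details. The internal domain, executive list, webmail list and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed organisation data (assumptions for this example, not from the article).
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
BANK_CHANGE = re.compile(
    r"\b(sort code|account number|bank (details|account)|new bank|wire transfer)\b", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw: str) -> list[str]:
    """Return the BEC indicators found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = []
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:          # C-suite / payroll impersonation
        hits.append("executive display name from non-corporate mailbox")
    if domain in FREE_WEBMAIL:                 # payroll redirection via webmail
        hits.append("sent from free public email service")
    elif domain != INTERNAL_DOMAIN and edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        hits.append("lookalike sender domain")
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        hits.append("Reply-To domain differs from From domain")
    if BANK_CHANGE.search(body):               # false invoice / payroll redirection
        hits.append("requests change to payment/bank details")
    return hits

# Constructed sample: a payroll redirection attempt sent from webmail.
SAMPLE = """\
From: Jane Doe <jane.doe.ceo@gmail.com>
To: payroll@example.com
Subject: Update my details

Hi, please update my bank details before Friday: new sort code 12-34-56.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any message that scores one or more indicators should be routed to the escalation path the article recommends rather than acted on by the recipient.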
CYBER INSIDERS MAGAZINE - Vol.2