BEC attacks have become one of the core techniques that cybercriminals use to target an enterprise’s proprietary data and gain a foothold in protected environments. Research shows that more than a third of organizations that experienced a security incident in the last 12 months reported that BEC attacks accounted for more than 50% of the incidents.
One key reason driving BEC attacks is their relative simplicity. By targeting a single account, bad actors can access a great deal of information and insight about the victim’s network. With this valuable information, attackers can then find new targets and manipulate other users in the same network. Attackers target businesses and individuals with social engineering attempts and phishing scams to break into a user’s account, and then conducting unauthorized transfers of funds or tricking other users into handing over their personal information.
BEC Schemes by the Numbers
Here are some of the notable statistics around business email compromise losses as of December 2021:
- Domestic and international incidents: 241,206
- Domestic and international exposed dollar loss: $43,312,749,946
- Total U.S. victims: 116,401
- Total U.S. exposed dollar loss: $14,762,978,290
- Total non-U.S. victims: 5,260
- Total non-U.S. exposed dollar loss: $1,277,131,099
- Total U.S. financial recipients: 59,324
- Total U.S. financial recipient exposed dollar loss: $9,153,274,323
- Total non-U.S. financial recipients: 19,731
- Total non-U.S. financial recipient exposed dollar loss: $7,859,268,158
Source: FBI IC3
However, BEC attacks are now no longer limited to traditional email accounts. With the rapid growth of the cloud workspace and the accelerating use of multiple communications channels, attackers are finding new ways to conduct their schemes.
BEC attackers can now take advantage of collaboration tools, chat, and mobile messaging, including popular cloud-based apps like Slack, WhatsApp, LinkedIn, Facebook, Twitter, and many more. And these new targets are in addition to popular business email such as Microsoft 365. This is giving rise to tremendous growth in attacks that cross common business channels. Clearly, BEC is evolving into business everywhere compromise.
BEC Attacks Beyond Email
Many organizations have large numbers of workers dealing with secure or governed information, and many deployments of Microsoft 365 include software licenses that provide additional security and compliance capabilities. The security features in these licenses give SOC teams automated tools that provide advanced threat protection for their users, but they don’t secure the non-Microsoft channels that companies might be using in their everyday operations.
For example, a help desk might receive an email that looks like it’s coming from their CEO. The email isn’t actually coming from the CEO, but from a bad actor masquerading as the executive. In this case, they're pretending that they're on vacation and they've somehow been locked out of their systems. So they email the help desk and ask them to reset their access to the enterprise systems. And since the CEO is on vacation, they ask the help desk to send the new credentials through WhatsApp. Now, access credentials have been transferred from a protected M365 email account to something that's unprotected by most enterprises – WhatsApp. From there, credentials may be shared, sold or used to commit an account takeover.
BEC scams can come in many forms:
- Hackers may target your organization due to a breach in a partner.
- Hackers may also target your partners due to a breach of your emails.
- You may be breached and then targeted using your breach.
- There may be no breach, just an attacker with a convincing story about why they need your money.
To make matters worse, the rise in more “legitimate-looking yet problematic” BEC schemes is prevalent across multiple industries, especially in highly-regulated ones like healthcare, as well as in life sciences and financial services.
According to the Verizon 2022 Data Breach Investigations Report, most social engineering breaches happen through a business email compromise scam. But even though these attacks are identified as BECs, they tend to be more complex than just some threat actor impersonating someone through a compromised email account. The report also reveals that:
- Only 41% of BECs involved Phishing.
- Of the remaining 59%, 43% involved using stolen credentials against the victim organization, while 27% is due to pretexting.
- The percentage remaining was most likely BEC schemes using either an email from a partner or a free, “non-compromised” email account.
Once an internal account is compromised, attackers can use it to spear phish others, either within the organization or third-party service providers. Their fraudulent email messages will appear even more legitimate because of the internal account.
In this type of attack, other tools can also become compromised. By compromising a work email, threat actors can connect to all the third-party tools and solutions that utilize that email. Collaboration and communication tools like Slack, Zoom, Telegram, WhatsApp, and even social media accounts are not safe.
Since these types of attacks can surpass existing protection solutions, SafeGuard Cyber offers a platform that surpass existing protection solutions by ingesting information from a wide variety of channels, such as collaboration, chat, conferencing, and social media, as well as email and mobile chat. The SafeGuard Cyber platform uses natural language understanding to understand the context and the intent of communications across various channels and help the SOC analyst determine if a threat exists within their environment.
SafeGuard Cyber provides access to:
- Cybersecurity defense across 30 communication channels, including collaboration, chat, conferencing, social media, mobile chat, and email (e.g., business email compromise protection, malware detection and response, etc.)
- A patented Natural Language Understanding (NLU) engine that detects sophisticated attack campaigns through analyzing context and intent, as well as cross-channel event correlation.
- Cloud-native deployment and scale, with an API-first integration with the user and SOC services. No agents or data feed is necessary.
Combating BEC Attacks
There is a reason BEC attacks continue to be popular among cybercriminals. Unlike old-fashioned phishing attacks, they don't require malicious URLs or payloads. BEC schemes rely instead on social engineering, tricking the recipient into performing a money transfer, sharing sensitive information, or resetting credentials – anything that would benefit the attacker.
There are steps you can take to prevent business email compromise or mitigate the consequences. To combat BEC attacks, organizations need to:
- Step up security awareness training to ensure employees know that they are potential targets and educate personnel on how to recognize a possible BEC attack.
- Avoid posting detailed personal information on social media sites that play into the hands of those looking to personalize their social engineering scams.
- Job descriptions, organizational charts, and other details that hackers could use to facilitate targeted phishing scams should be removed from company websites.
- Establish policies that cross-reference the sender's email address whenever an email contains a sensitive request.
- Deploy a robust cybersecurity solution that detects and flags keywords common in fraudulent emails such as "payment," "urgent," "sensitive," and "secret." The solution should also be able to quarantine and report any potential instances of business email compromise scams.
With SafeGuard Cyber, you can more effectively protect yourself and your company from BEC schemes that cross communications channels. Talk to our experts and schedule a demo here.
If you are interested in learning more about the SafeGuard Cyber solution, you can take a quick 5-minute tour.
