Keys to the Kingdom: BEC
Business Email Compromise is one of the top three online security risks facing business today, and it has the potential to be every bit as devastating as a ransomware attack or a production outage.
What is business email compromise?
Business email compromise (BEC) is a fraud in which threat actors use convincing impersonation, very often after compromising a legitimate business email account, to trick victims into making unauthorised transfers of funds or into handing over corporate information about financial accounts that can be used to defraud them later.
Emails are the Keys to your Kingdom
The knowledge that around $50 billion in losses has been attributed to BEC-related fraud over the last decade won’t make your business more secure. But the fact that the vast majority of attacks start with an email will. When an attacker wishes to gain access to your organisation, their first port of call is your corporate email accounts. Break this down and it becomes obvious why email is such a common choice for attackers.
Your emails are the master key to your business’s sensitive data and IP. Once an attacker has access, they can let down the drawbridge and wander around your kingdom as they wish, gathering all the information they need either to deploy malware or ransomware or to trick employees into sending over large sums of money. A mailbox they control also lets them reply from inside genuine, ongoing conversations and add inbox rules that hide the replies from the real owner, which is why the fraud is often not spotted until the money has gone.
Anyone is a target
One important piece of context to keep in mind is that, just as in the physical world, a large amount of online crime is opportunistic. Now more than ever, attackers are financially driven and very efficient. Why would they spend a huge amount of time and resource trying to break into one secure network or a large corporation to earn a few million when they could see a much higher return from deploying very simple, non-time-intensive methods to attack hundreds of insecure companies for the same money? As a result, an attacker may send out many thousands of phishing emails in the hope that a few are successful, in the same way a burglar may try many doors and windows before entering through an unlocked one.
Therefore, we can achieve a great deal with some ‘easy wins’ and improve our security posture even further by implementing effective policies and user awareness training. This won’t make you impenetrable, but it will ensure you present a much smaller attack surface and therefore a less inviting target to an attacker.
How to protect against BEC scams
Easy to implement methods
Right at the ‘zero’ end of the sliding scale of difficulty, enforce two-factor authentication (2FA) on all mail accounts. Where app-based or SMS codes are not practical, consider hardware tokens such as USB security keys or smart cards, or biometrics, as the second factor. Bear in mind that one-time codes and push approvals can themselves be phished or worn down by repeated prompts; security keys bound to the site’s origin (FIDO2) are the phishing-resistant option. Another layer of authentication incorporating a physical, real-time element can stop an attack at the outset.
Next, stop your domain being spoofed in the From: line by publishing the three email-authentication records in your DNS:
- SPF (Sender Policy Framework)
- DKIM (DomainKeys Identified Mail)
- DMARC (Domain-based Message Authentication, Reporting & Conformance)
If you’re on Microsoft 365, the platform gives you the values but does not publish the records for you: your custom domain still needs an SPF TXT record that includes Microsoft’s sending hosts (include:spf.protection.outlook.com), DKIM signing enabled for the domain with its two CNAME records in place (signing is only automatic for the onmicrosoft.com domain), and a DMARC TXT record at _dmarc.yourdomain. Start DMARC at p=none with a reporting address so you can see which legitimate senders are failing, then move to p=quarantine and finally p=reject; a record left at p=none tells receiving servers to take no action against spoofed mail.
Know your admins! Limit the number of Exchange and email administrators in your organisation to those that are really necessary, using the principle of least privilege as a guide. A rogue or compromised admin can do maximum damage with minimal effort, so it’s critical to keep the number small, the list current and reviewed regularly. If nowhere else, 2FA here is an absolute must.
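What DMARC actually checks is easy to get wrong, so here is the receiving server’s side of the decision as an added example (not e2e’s or Microsoft’s code): given a published _dmarc record and the SPF and DKIM results a mail server writes into the Authentication-Results header, it computes the DMARC verdict and the action your policy asks for. The records, domains, sending IPs and header lines are constructed for illustration, and the organisational-domain rule is simplified to the last two DNS labels.

```python
"""DMARC verdict from SPF/DKIM results, as a receiving mail server computes it.

Added example, not e2e's or Microsoft's code. The DMARC records, domains,
sending IPs and Authentication-Results header lines are constructed for
illustration. Organisational domain is approximated as the last two DNS
labels; a production evaluator uses the Public Suffix List instead.
"""
import re

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags.

    Alignment tags default to relaxed ('r') when absent, per RFC 7489.
    """
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or tags.get("p") not in VALID_POLICIES:
        raise ValueError(f"not a usable DMARC record: {record!r}")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def parse_auth_results(header: str) -> dict:
    """Extract the SPF and DKIM results, and the domain each one authenticated,
    from an Authentication-Results header in the layout M365 and most MTAs write."""
    results = {"spf": ("none", ""), "dkim": ("none", "")}
    for clause in header.split(";"):
        m = re.match(r"(spf|dkim)=(\w+)", clause.strip())
        if not m:
            continue  # the leading authserv-id, or a method we do not evaluate
        method, result = m.group(1), m.group(2).lower()
        prop = "smtp.mailfrom" if method == "spf" else "header.d"
        d = re.search(re.escape(prop) + r"=(?:[\w.+-]+@)?([\w.-]+)", clause)
        results[method] = (result, d.group(1).lower() if d else "")
    return results


def org_domain(domain: str) -> str:
    """Approximate organisational domain (last two labels); see module docstring."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match with the From: domain;
    relaxed ('r') accepts any subdomain of the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_verdict(record: str, from_domain: str, auth_results: str) -> tuple:
    """Return (result, action), where action is the policy the receiver applies.

    DMARC passes only if SPF or DKIM passed *and* the domain it authenticated
    is aligned with the visible From: domain. A raw SPF pass for the attacker's
    own envelope domain therefore does not rescue a spoofed message.
    """
    tags = parse_dmarc(record)
    res = parse_auth_results(auth_results)
    spf_result, spf_domain = res["spf"]
    dkim_result, dkim_domain = res["dkim"]
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed records and headers. example.com is the protected domain.
ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
REPORT_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

# Genuine mail relayed through the tenant: both checks pass for example.com.
GENUINE = ("example.com",
           "mx.example.net; spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=example.com;"
           " dkim=pass (signature was verified) header.d=example.com")

# Spoof: From: says ceo@example.com, but the envelope sender is the attacker's
# own domain, whose SPF record authorises the sending IP. SPF passes, alignment fails.
SPOOF = ("example.com",
         "mx.example.net; spf=pass (sender IP is 198.51.100.7) smtp.mailfrom=attacker.example;"
         " dkim=none (message not signed)")


if __name__ == "__main__":
    for label, (from_domain, header) in (("genuine", GENUINE), ("spoof", SPOOF)):
        print(f"{label:8} p=reject -> {dmarc_verdict(ENFORCING, from_domain, header)}"
              f"   p=none -> {dmarc_verdict(REPORT_ONLY, from_domain, header)}")
```

The spoof case is the one worth noticing: the attacker’s own envelope domain passes SPF, so a filter that only looks at the SPF result would wave the message through, and only the alignment check against the From: domain catches it. Run the same header against the p=none record and the verdict is still a failure but the action is none, which is why a DMARC rollout that never leaves p=none offers no protection.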
Moderate to implement methods
Make best use of the tools available to you:
Modern mail platforms such as M365 come with a host of built-in functionality: automatic quarantine based on file type (do you really expect users to receive VBScript files by email?), malware and spam filtering, and user-level reporting of suspicious messages. Take the time to understand these and set policies that are appropriate and effective for your organisation. See our top 10 tips for securing M365 here.
Train the human:
No amount of policy or technology can defend against every click of a link or opening of an attachment. Help your users to understand the risks, show them how to avoid becoming a victim, and give them the tools to report suspicious activity, and they will become another layer in your defence strategy. For BEC in particular, make it policy that any request to change payment details or make an urgent transfer is verified out of band, by a phone call to a number already on file, never to one supplied in the email. Simulated phishing campaigns and regular, well-delivered training will have a positive impact and a good return on the investment.
Patch, patch, patch:
New vulnerabilities are weaponised and offered for sale on dark web markets daily, so it is critical to stay abreast of them and to apply vendor patches as soon as they become available. In larger enterprises this can be a challenge: ensure that you have a structured and achievable patching regime and be prepared to respond out-of-band to critical-release patches.
e2e – Monitor. Detect. Respond.
This is our domain. At e2e we’ve protected critical infrastructures for over a decade and during that time our defenders have witnessed some of the most advanced adversaries launch attacks on a global scale.
We protect you by deploying monitoring that gives you visibility of your networks, and we use our advanced detection algorithms to discover threat actor activity and mitigate it before it gains a foothold.
Prepare. Plan. Practice.
We will always plan for the worst and strive to achieve the best, helping you develop and practise your backup and incident response plans and tune your recovery strategies. Our all-source intelligence feeds, curated over the last ten years, give us the upper hand on the criminals, keeping track of their capabilities, infrastructure and campaigns. We can be your outsourced SOC, integrate with your in-house team or develop a solution that works for you.
We understand that when an incident occurs you’re not always going to be at your workstation, because life happens! With this in mind, e2e’s in-house development team have produced a powerful companion to Cumulo, our in-house SIEM.
Approved by Microsoft and available right now from their app store, our app lets you maintain a full vantage point over tickets and incidents and, with the right licensing model, full coverage of your organisation’s security operations. You can instantly review and approve or escalate actions from our SOC team, with your responses fed straight back to the heart of our Operations Centre.
Featuring Live Incident Management, an intuitive dashboard, summaries and notifications, the app also gives you the ability to communicate in real-time with our SOC Analysts via its MS Teams integration using direct messaging or multi-user bridge calling. If you just need to pull back information, the built-in smart bot is capable of actioning these requests for you, leaving team members free to focus on situational developments.
Don’t just take our word for it, grab a copy now and speak with your Account Manager about integrating the functionality into your plan. The e2e app at Microsoft’s store
We’re incredibly proud of our team and our tech and are equally happy presenting to your board or giving a technical deep-dive to your network team, drop us an email or click the link (it’s safe) to find out more.