Shifting tactics fuel surge in business email compromise

Summary

Microsoft's Digital Crimes Unit has observed threat actors who specialize in business email compromise (BEC) growing more sophisticated in their tactics, including the use of residential internet protocol (IP) addresses so that attack traffic appears to originate locally. Microsoft also observed a 38% increase in Cybercrime-as-a-Service (CaaS) offerings targeting business email between 2019 and 2022, and a marked trend toward platforms such as BulletProftLink for running malicious mail campaigns at industrial scale. The FBI reported more than 21,000 BEC complaints with adjusted losses exceeding $2.7 billion, and its Recovery Asset Team initiated the Financial Fraud Kill Chain on 2,838 BEC complaints involving domestic transactions with potential losses of over $590 million. The article closes with defensive recommendations: maximize the security settings of the mail platform, enable notifications for unverified senders, block senders whose identity cannot be confirmed, set up strong authentication, and train employees to recognize the warning signs.

Q&As

What is the Federal Bureau of Investigation (FBI) reporting in terms of business email compromise (BEC) complaints?
The FBI reports more than 21,000 BEC complaints, with adjusted losses of over $2.7 billion.

How have cybercriminals been leveraging residential internet protocol (IP) addresses to evade detection?
Cybercriminals buy access to residential IP addresses located near the victim (through residential IP and proxy services) so that their sign-ins and mail appear to come from the victim's own region. Because the activity looks locally generated, it slips past "impossible travel" detections, which flag account activity from two locations that could not both be reached in the elapsed time, and past similar geolocation-based checks used to identify and block anomalous logins.
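To make that evasion concrete, here is an added example (not code from the Microsoft article) of a minimal impossible-travel check run over constructed sign-in events. The latitude, longitude and network-type fields are assumed to come from a GeoIP/ASN enrichment step, and the IP addresses are RFC 5737 documentation ranges. One user's second sign-in comes from a hosting provider abroad and trips the speed threshold; the other's comes through a residential address in the same city and does not, which is why the check is paired with device and network-type signals rather than used alone.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # a little above airliner cruise speed; tune per tenant


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    ip: str
    lat: float        # geolocation of ip (assumed to come from a GeoIP lookup)
    lon: float
    net_type: str     # "corporate", "residential" or "hosting" (assumed ASN enrichment)
    device_id: str


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def implied_speed_kmh(prev: SignIn, cur: SignIn) -> float:
    """Speed the user would need in order to be physically present at both sign-ins."""
    hours = (cur.ts - prev.ts).total_seconds() / 3600.0
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if hours <= 0:
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def evaluate(events: list[SignIn]) -> dict[str, list[str]]:
    """Walk sign-ins in time order and return the alert labels raised per user."""
    alerts: dict[str, list[str]] = {}
    last: dict[str, SignIn] = {}
    devices: dict[str, set[str]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        labels = alerts.setdefault(ev.user, [])
        seen = devices.setdefault(ev.user, set())
        prev = last.get(ev.user)
        if prev is not None:
            if implied_speed_kmh(prev, ev) > MAX_PLAUSIBLE_KMH:
                labels.append("impossible_travel")
            # A residential proxy defeats the geo check but still changes the network type.
            if ev.net_type != prev.net_type:
                labels.append(f"network_change:{prev.net_type}->{ev.net_type}")
        # First sign-in establishes the baseline; later unknown devices are flagged.
        if seen and ev.device_id not in seen:
            labels.append("new_device")
        seen.add(ev.device_id)
        last[ev.user] = ev
    return alerts


def _t(hh: int, mm: int) -> datetime:
    return datetime(2023, 5, 2, hh, mm, tzinfo=timezone.utc)


# Constructed sample: Chicago office sign-ins, then attacker activity for each user.
SAMPLE_EVENTS = [
    # bob: attacker signs in from a hosting provider in Lagos 30 minutes later
    SignIn("bob", _t(9, 0), "203.0.113.10", 41.88, -87.63, "corporate", "LAPTOP-BOB"),
    SignIn("bob", _t(9, 30), "198.51.100.7", 6.52, 3.38, "hosting", "UNKNOWN-1"),
    # alice: attacker signs in through a residential IP a few km from the office
    SignIn("alice", _t(9, 0), "203.0.113.10", 41.88, -87.63, "corporate", "LAPTOP-ALICE"),
    SignIn("alice", _t(9, 40), "192.0.2.55", 41.85, -87.65, "residential", "UNKNOWN-2"),
]

if __name__ == "__main__":
    for user, labels in evaluate(SAMPLE_EVENTS).items():
        print(user, labels)
```

Running it shows `bob` raising `impossible_travel` alongside the device and network alerts, while `alice` raises only `network_change:corporate->residential` and `new_device`; with the residential address the speed check stays silent, so those secondary signals are what is left to act on.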

What type of malicious emails have been observed to be targeting enterprises?
The article breaks targeted BEC down into five categories: lure (a short, innocuous first message that establishes contact before the actual request), payroll (redirecting salary deposits), invoice (fake or altered vendor invoices), gift card requests, and requests for business information.

What types of steps can organizations take to mitigate the risk of BEC attacks?
Organizations can configure their mail system to tag messages from external parties, alert on senders whose identity cannot be verified (for example, mail that fails SPF, DKIM or DMARC checks), block senders whose identity they cannot confirm through a channel other than the email itself, enforce strong authentication such as multifactor authentication, and train employees to recognize fraudulent and other malicious emails.
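As an added example of the "verify the sender" controls above (not code from the article), the following evaluates DMARC alignment from a message's Authentication-Results and From headers, applies the sender domain's published policy, and tags the result with whether the sender is external and whether the domain is one the organization has independently confirmed. The domains, headers and policy table are constructed for the example, and the organizational-domain logic is simplified to the last two labels where a real receiver would consult the Public Suffix List. The third message shows the caveat a practitioner needs: a lookalike domain the attacker registers passes DMARC for its own domain, so DMARC alone does not catch it and the "known domain" check has to do the work.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the tenant's own domains, partners confirmed out of band,
# and DMARC policies as if fetched from the _dmarc.<domain> TXT records.
OUR_DOMAINS = {"contoso-example.com"}
KNOWN_PARTNERS = {"vendor-example.com"}
DMARC_POLICIES = {
    "contoso-example.com": "reject",
    "vendor-example.com": "quarantine",
    # "vend0r-example.com": attacker-registered lookalike, publishes no record at all
}

AR_RESULT = re.compile(r"\b(spf|dkim)=(\w+)((?:\s+[\w.]+=[^\s;]+)*)")


def org_domain(domain: str) -> str:
    """Simplified organizational domain (last two labels); real receivers use the Public Suffix List."""
    labels = domain.lower().strip().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_auth_results(header: str) -> list[tuple[str, str, str]]:
    """Return (method, result, authenticated_domain) for each SPF/DKIM entry in Authentication-Results."""
    header = re.sub(r"\([^)]*\)", "", header)  # drop comments such as "(2048-bit key)"
    entries = []
    for method, result, props in AR_RESULT.findall(header):
        key = "smtp.mailfrom" if method == "spf" else "header.d"
        match = re.search(re.escape(key) + r"=([^\s;]+)", props)
        domain = match.group(1) if match else ""
        domain = domain.rsplit("@", 1)[-1]  # smtp.mailfrom may carry the whole return-path address
        entries.append((method, result.lower(), domain.lower()))
    return entries


def from_domain_of(from_header: str) -> str:
    return parseaddr(from_header)[1].rsplit("@", 1)[-1].lower()


def dmarc_alignment(from_header: str, auth_results: str, strict: bool = False) -> bool:
    """DMARC passes when SPF or DKIM passed AND that identifier aligns with the From domain."""
    from_dom = from_domain_of(from_header)
    for _method, result, domain in parse_auth_results(auth_results):
        if result != "pass" or not domain:
            continue
        aligned = domain == from_dom if strict else org_domain(domain) == org_domain(from_dom)
        if aligned:
            return True
    return False


def classify(raw_message: str) -> dict:
    """Decide the delivery action from alignment plus the published policy, and tag the sender."""
    msg = message_from_string(raw_message)
    from_hdr = msg.get("From", "")
    org = org_domain(from_domain_of(from_hdr))
    passed = dmarc_alignment(from_hdr, msg.get("Authentication-Results", ""))
    policy = DMARC_POLICIES.get(org, "none")  # no record published behaves like p=none
    action = "deliver" if passed or policy == "none" else policy
    return {
        "from_domain": from_domain_of(from_hdr),
        "dmarc": "pass" if passed else "fail",
        "policy": policy,
        "action": action,
        "external": org not in OUR_DOMAINS,
        "known_domain": org in OUR_DOMAINS or org in KNOWN_PARTNERS,
    }


# Constructed messages: a genuine vendor, a spoof of our own domain, and a lookalike domain.
LEGIT_VENDOR = """\
Authentication-Results: mx.contoso-example.com; spf=pass smtp.mailfrom=bounce.vendor-example.com; dkim=pass (2048-bit key) header.d=vendor-example.com header.s=s1
From: "Accounts Receivable" <ar@vendor-example.com>
To: ap@contoso-example.com
Subject: Invoice 4471

Please find the attached invoice.
"""

SPOOFED_OWN_DOMAIN = """\
Authentication-Results: mx.contoso-example.com; spf=pass smtp.mailfrom=bounce.bulk-mailer-example.net; dkim=none
From: "CEO" <ceo@contoso-example.com>
To: finance@contoso-example.com
Subject: Urgent wire today

I need a transfer processed before noon, I am in a meeting so email only.
"""

LOOKALIKE_DOMAIN = """\
Authentication-Results: mx.contoso-example.com; spf=pass smtp.mailfrom=ar@vend0r-example.com; dkim=pass header.d=vend0r-example.com header.s=k1
From: "Accounts Receivable" <ar@vend0r-example.com>
To: ap@contoso-example.com
Subject: Updated banking details for invoice 4471

Our bank account has changed, please update before paying.
"""

if __name__ == "__main__":
    for raw in (LEGIT_VENDOR, SPOOFED_OWN_DOMAIN, LOOKALIKE_DOMAIN):
        print(classify(raw))
```

The spoof of the organization's own domain fails alignment and is rejected under its `p=reject` policy, which is what publishing DMARC buys. The lookalike message passes, because the attacker controls `vend0r-example.com` and set up SPF and DKIM for it; it is delivered, and only the `external` and `known_domain` tags distinguish it from the genuine vendor, which is the gap that out-of-band confirmation of senders and bank-detail changes is meant to close.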

How can organizations protect identities to prohibit lateral movement?
Organizations can apply Zero Trust controls to access to apps and data (verify every request explicitly and grant least privilege) and automate identity governance, so that a single compromised mailbox or credential does not become a foothold for lateral movement into other accounts and systems.

AI Comments

👍 This article provides a comprehensive overview of business email compromise attacks, including detailed explanations of tactics, prevention, and response. It is an excellent resource for businesses looking to stay informed and protect themselves from cyber threats.

👎 The recommendations stay at a high level: the article names controls such as external-sender tagging, sender verification, strong authentication and employee training, but does not describe how to implement or tune them.

AI Discussion

Me: It's about the rise in business email compromise (BEC) and how threat actors are using residential IP addresses to make the attack campaigns appear locally generated. The FBI reported more than 21,000 complaints with adjusted losses over $2.7 billion last year. Microsoft has also observed an increase in sophistication and tactics by these threat actors.

Friend: Wow, that's really serious. What are the implications of this?

Me: Well, it's showing that this type of cybercrime is becoming more widespread and sophisticated. It's also showing that attackers are using residential IP addresses to evade detection and bypass “impossible travel” alerts, which can be used to identify and block anomalous login attempts and other suspicious account activity. It's also highlighting the need for stronger security measures like multifactor authentication, DMARC policies, secure email solutions, and better training for employees to help spot warning signs of BEC attacks.

Technical terms

Business Email Compromise (BEC)
A fraud in which the attacker impersonates or takes over a trusted email identity (an executive, a vendor, a payroll contact) to trick a recipient into sending money or sensitive data. It relies on social engineering rather than malware and does not necessarily require access to the organization's own mailboxes.
Cybercrime-as-a-Service (CaaS)
The sale or rental of attack tooling and infrastructure (phishing kits, mail-sending platforms, stolen credentials or mailbox access) by one criminal group to others, lowering the skill needed to run a campaign.
Residential Internet Protocol (IP) Address
An IP address an Internet Service Provider assigns to a home connection. Attackers buy access to such addresses near the victim so their sign-ins and mail look like ordinary local users rather than hosting-provider traffic.
Impossible Travel
A detection that flags a possibly compromised account when two activities occur from locations too far apart to be reached in the time between them.
Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
An email authentication policy built on SPF and DKIM: the domain owner publishes a DNS record stating how receivers should treat mail that fails authentication and alignment with the From domain (none, quarantine, or reject), and receivers send reports back. It protects the organization's own domain from being spoofed; it does not stop mail from lookalike domains the attacker registers.
Zero Trust
A security model that treats every user, device and request as untrusted by default: access is verified explicitly, granted with least privilege, and designed on the assumption that a breach has already occurred.
