BEC Continues to Dominate...
As we enter a new year, we note the multitude of cyberattacks that occurred in 2023 across all industries. Huntress, a reputable cybersecurity platform for various companies, recently released a report on BEC (business email compromise) for small and medium-sized businesses. We know that BEC targets our industry, since we handle payments and wiring instructions.
A typical BEC scenario has three parts: a target, a phishing email carrying phony links or attachments, and an objective of diverting funds away from where the parties to the transaction intended them to go. BEC attacks surged noticeably in Q3 of 2023. In fact, 64% of threat actors’ BEC attacks were identity-focused incidents involving the malicious forwarding of emails. This is a common tactic used to evade detection: once a threat actor is secretly inside a mailbox or email chain, they set up mailbox rules that route legitimate incoming messages into sub-folders or hidden folders. Another 24% of attacks involved logins from unusual or suspicious locations. In other words, these “new” logins clearly originate outside a company’s network and, most importantly, are likely to come from other countries.
In addition, threat actors keep finding new ways around email defenses. In response, Microsoft 365 has implemented many measures to thwart phishing, BEC, and other types of attacks. Huntress observed that while these measures are good in theory, threat actors are now packaging their payloads as ZIP or ISO archives. A payload is the component of an attack that does the actual harm to the victim. This is problematic, especially if these file types are not blocked. Since 60% of ransomware incidents contained uncategorized or unknown strings, one can assume that their payloads could be embedded in one of these file types.
As always, Huntress advises extreme vigilance in preventing these types of threats and attacks. As we have noted before, it is critical to question links and attachments; to confirm an email by phone, using an independently verified phone number; and to carefully examine the message, particularly if the sender uses an urgent tone or asks you to divulge confidential data. If you suspect abnormal activity, please check with your IT Department or outside consultant to have your systems evaluated and your email rules assessed. Email rules are a target of threat actors: they can write their own “rulebook” for where incoming emails are diverted, so unsuspecting users never notice.
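Assessing email rules for this kind of diversion can be automated. The following is an added example, not from Huntress or this article: it takes a constructed list of inbox-rule records shaped like an export of Microsoft 365 rules (the field names, the domain, the folder list and the keyword list are all assumptions) and flags rules that forward mail outside the organization or park payment-related messages where nobody will read them.

```python
# Added example (not from the Huntress report or this article). Reviews a list of
# inbox-rule records, such as Get-InboxRule output converted to dicts, for the
# diversion patterns described above: external forwarding, moving mail into
# rarely viewed folders, deleting it, and keying on payment-related subjects.
# Field names, domain, folder names and keywords below are assumptions.

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's own mail domain
# Folders attackers commonly use to park diverted mail so it goes unnoticed (assumption).
HIDE_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                "archive", "junk email", "deleted items"}
PAYMENT_WORDS = {"invoice", "wire", "payment", "closing", "escrow", "bank"}


def external_targets(addresses):
    """Return the addresses that are not on the organization's own domain."""
    return [a for a in addresses if not a.lower().endswith("@" + INTERNAL_DOMAIN)]


def assess_rule(rule):
    """Return the reasons a rule looks like BEC tampering (empty list if it looks benign)."""
    reasons = []
    ext = external_targets(rule.get("forward_to", []) + rule.get("redirect_to", []))
    if ext:
        reasons.append("forwards/redirects to external address(es): " + ", ".join(ext))
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in HIDE_FOLDERS:
        reasons.append("moves matching mail to rarely viewed folder '%s'" % rule["move_to_folder"])
    if rule.get("delete_message"):
        reasons.append("deletes matching mail")
    words = {w.lower() for w in rule.get("subject_contains", []) + rule.get("body_contains", [])}
    hits = sorted(words & PAYMENT_WORDS)
    if hits and reasons:  # payment keyword plus a diversion action is the classic BEC pattern
        reasons.append("matches payment keywords: " + ", ".join(hits))
    return reasons


def find_suspicious_rules(rules):
    """Return [(rule name, reasons)] for every rule with at least one finding."""
    findings = [(r.get("name", "<unnamed>"), assess_rule(r)) for r in rules]
    return [(name, reasons) for name, reasons in findings if reasons]


# Constructed sample data: one benign rule and two that match the tactics described above.
SAMPLE_RULES = [
    {"name": "Team updates", "subject_contains": ["standup"], "move_to_folder": "Team"},
    {"name": ".", "subject_contains": ["wire", "invoice"],
     "forward_to": ["attacker@external.example"], "delete_message": True},
    {"name": "Archive", "body_contains": ["closing"], "move_to_folder": "RSS Feeds"},
]

if __name__ == "__main__":
    for name, reasons in find_suspicious_rules(SAMPLE_RULES):
        print(name, "->", "; ".join(reasons))
```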
Please contact CATICITSecurity@catic.com if you have any questions concerning this article.