
How hackers have improved their BEC attack methods

  • Posted on: August 30, 2017
  • Posted in: Industry News, Security
  • Posted by: Trend Micro
BEC attacks have become more sophisticated to fool users.

 

Email is increasingly an integral part of global life, but business email compromise (BEC) attacks could place these communications at risk. Research by The Radicati Group found that 2.9 billion people worldwide will be using email portals by 2019. Each business user will send 126 messages daily by that time, compared to 122 emails sent and received per user every day in 2015. As email is increasingly used for notifications and interpersonal connections in company and consumer settings, it will be essential to evaluate its security capabilities and protect it appropriately.

Receiving spam mail is nothing new, but newer threats have taken on a completely different look to fool users into revealing sensitive information or following malicious links. BEC attacks in particular have become a more popular way to target unsuspecting employees. Let’s take a closer look at BEC threats and how hackers have improved this attack method.

What does a BEC attack look like?

BEC attacks aren’t your normal phishing or malware campaigns, and their lucrative nature is contributing to their popularity among hackers. According to Enterprise Times, BEC attacks increased by 45 percent in the last three months of 2016. In a typical BEC scam, attackers impersonate high-level executives and request wire transfers to alternate, fraudulent accounts. This method is becoming increasingly sophisticated to make it look like the emails are coming from legitimate sources, convincing employees to make the payments.

BEC emails convince users to wire transfer money to cyber criminals.

All it takes is one email with lax security protocols for a BEC attack to be successful. Attackers often go after an executive’s account or publicly listed email, and use keyloggers or phishing to monitor the user’s behavior. Hackers carefully track the user’s movements to determine who initiates wires and who can request them. Malicious parties lie in wait and do a lot of research to execute the scheme and receive the money successfully. Trend Micro research found that BEC schemes can involve asking to wire funds for invoice payments to a bogus supplier. Hackers usually pose as an exec, employee or lawyer, emailing the finance department to transfer funds quickly and discreetly. Pressure from these demands and the seeming legitimacy of the claims make it more likely for finance professionals to follow through and wire the money, earning cybercriminals a lucrative payday for their efforts.

The many faces of BEC

BEC attack methods are extremely convincing, and they are evolving to ensure that users are effectively persuaded to send money to cybercriminals. According to a report by the FBI, BEC attacks are believed to have caused $1.6 billion in losses in the U.S. – $5.3 billion globally – since 2013. In the last half of 2016 alone, U.S. victims reported losses of $346 million as a result of BEC techniques. This threat is clearly not something to trifle with, and businesses should adequately prepare to address it.

BEC attacks show no sign of slowing down.

However, it’s becoming much more difficult to separate malicious email threats from the real deal. Trend Micro research noted that keyloggers used as monitors in BEC methods are often sent as an attached executable file. Most of the time, security systems will flag this type of attachment as malicious, urging the user not to click on it. Hackers have upped their game by attaching HTML pages instead, which launch a phishing page when clicked on. The page will ask for a username and password to view the file, showing images of popular providers to convince the user. When the form is submitted, attackers have all the information they need to take control.

HTML phishing pages are becoming more popular for BEC schemes for a few reasons. HTML files pose no immediate threats in the eyes of anti-spam solutions. HTML pages can also be easily coded and deployed to run on any platform, ensuring a wider range of potential infection. Hackers might use a combination of HTML phishing and keylogger files to get users to bite, making it easier to compromise email accounts and execute BEC attacks.

“Implement a layered security approach to detect, mitigate and prevent BEC.”

Layer your security

Sophisticated techniques like BEC attacks are becoming more common as hackers look for the best ways to breach systems and reap valuable rewards. The only way to beat this type of threat is to implement a layered security approach and ensure that each element works well together to detect, mitigate and prevent BEC. The trick here will be to implement the right security tools in the right places and enforce policies across the board.

The first step should include educating all workforce members about BEC attacks and creating an organization-wide BEC policy. This procedure could include what BEC is, who to report these attacks to and what to do if you suspect that an email is a BEC attempt. Ongoing educational sessions should be provided to prevent knowledge gaps and increase overall awareness. GCN suggested also flagging where emails are coming from and being careful when posting on social media, particularly when it concerns information related to job functions. Taking these steps will help decrease the threat surface and thwart scams.

In terms of technology, business leaders should consider implementing two-factor authentication for email accounts as well as wire transfer requests. This can help cut down on potential attacks, and reveal suspicious activity. Organizations should also leverage an advanced, layered messaging security solution that includes machine learning technology to detect BEC emails without payloads like malicious attachments and links. When all else fails, employees and leaders must take additional measures to verify requests and ensure that they’re coming from the source. For more information on protecting yourself against advancing BEC attacks, contact Trend Micro today.

  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.