How to deal with internal BEC
Quote:
BEC attacks that use compromised mailboxes are especially dangerous. Here’s how we learned to identify them.

In recent years, business e-mail compromise (BEC) attacks have become more frequent. Their objective is to compromise business correspondence for the purpose of committing financial fraud, extracting confidential information, or harming a company’s reputation. In our previous post, we mentioned e-mail hijacks. Today, however, we’re talking about the most dangerous type of BEC attack — the internal BEC. We recently developed and implemented a new technology to protect against this particular threat.

Why an internal BEC is more dangerous than an external one

Internal BEC attacks differ from other attack scenarios in that fraudulent e-mails are sent from legitimate addresses within one company. In other words, to initiate an internal attack, an attacker has to have gained access to an employee’s mail account. That means you cannot rely on e-mail authentication mechanisms (DKIM, SPF, DMARC) to prevent one; nor will standard automatic antiphishing and antispam tools, which look for inconsistencies in technical headers or altered addresses, help.

Usually the letter from the compromised mailbox contains a request to transfer money (to a supplier, contractor, tax office), or send confidential information.

And it’s all seasoned with some fairly [Only registered and activated users can see links Click here to register]. The cybercriminals try to rush the recipient (if we don’t pay the bill today, the company will get fined!), make threats (I asked you to make the payment last month, what the hell are you waiting for?!), adopt an authoritative tone that brooks no delay, or use other ploys from the social-engineering playbook. Combined with a legitimate address, it can create a very convincing impression.

Internal BEC attacks can also deploy e-mails with links to fake sites whose URLs differ from the target organization’s address (or another trusted page) by just one or two letters (an upper-case “i” instead of a lower-case “L,” or vice versa, for example). The site might host a payment form or questionnaire asking for confidential information. Consider receiving an e-mail something like this from your boss’s address: “We decided to send you to the conference. Book the ticket from our account ASAP so we can get the early-bird discount.” Together with a link that looks like the site of the most important event in your industry, that looks pretty convincing. What are the odds you’ll take the time to carefully study each letter in the name of the conference if everything, down to the e-mail signature, seems fine?

How to protect the company from internal BEC attacks

Technically, the e-mail is perfectly legit, so the only way to recognize a fake is to judge the content. By running many crooked messages through machine-learning algorithms, it is possible to identify traits that, in combination, can help determine whether a message is real or part of a BEC attack.

Fortunately (or not), we have no shortage of samples. Our mail traps pick up millions of spam messages around the world every single day. They include a considerable number of phishing e-mails — which are not internal BEC, of course, but employ the same tricks and have the same goals, so we can use them for learning. To start with, we train a classifier on this large volume of samples to identify messages containing signs of fraud. The next stage of the machine-learning process operates directly on the text. The algorithms pick out terms for detecting suspicious messages, on which basis we develop heuristics (rules) our products can use to identify attacks. A whole ensemble of machine-learning classifiers is engaged in the process.

But that’s no reason to sit back and relax. Our products can now detect far more BEC attacks than before, but having gained access to an employee’s e-mail account, an intruder can study their style and try to imitate it during a unique attack. Vigilance is still critical.

We recommend that you look long and hard at messages requesting a financial transfer or disclosure of confidential data. Add an extra layer of authentication by phoning or messaging (in a trusted service) the colleague in question, or speaking to them in person to clarify the details.

We use the heuristics our new anti-BEC technology generates in [Only registered and activated users can see links Click here to register], and we have plans to implement them in other solutions as well.
...
Reply
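Added example (not part of the quoted article or the vendor's technology): a minimal mail-filter check for the lookalike links the article describes, where a URL differs from a trusted address by one or two letters or by an "I"/"l" swap. The trusted domains, function names and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains the organization trusts (constructed for this example).
TRUSTED = {"example-conf.org", "corp.example"}
# Fold characters that render alike: I/l/1 and O/0 (hostnames are lower-cased first).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def skeleton(host):
    """Lower-case the host and map visually confusable characters together."""
    return host.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host, trusted=TRUSTED, max_dist=2):
    """Return the trusted domain this host imitates, or None if it is benign."""
    host = host.lower().rstrip(".")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return None  # exact match or a genuine subdomain of a trusted domain
    for t in sorted(trusted):
        if skeleton(host) == skeleton(t) or edit_distance(host, t) <= max_dist:
            return t
    return None

def suspicious_links(body, trusted=TRUSTED):
    """List (host, imitated_domain) for every lookalike URL in a message body."""
    hits = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""  # .hostname is already lower-cased
        target = lookalike_of(host, trusted)
        if target:
            hits.append((host, target))
    return hits

# Constructed sample message, modelled on the conference example in the article.
SAMPLE = ("We decided to send you to the conference. Book the ticket ASAP: "
          "https://exampIe-conf.org/tickets (agenda: https://example-conf.org/agenda)")
print(suspicious_links(SAMPLE))
```

A hit is a signal to combine with the content cues the article mentions (urgency, payment requests), not a verdict on its own; short trusted domains need a tighter `max_dist` to avoid false positives.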