How attackers are abusing high-profile users and executives

Credit to Author: Trend Micro| Date: Fri, 15 Jun 2018 19:56:20 +0000

BEC is on the rise, but advanced AI writing style analysis could provide the key to protection.

Email is the prime communication channel for businesses and their employees worldwide. In fact, last year saw more than 269 billion emails sent per day, and Radicati Group researchers predict that by 2021, this number will rise to over 319 billion.

With so much critical and sensitive communication and collaboration taking place over email, organizations can never be too secure when it comes to their digital discussions. As the recent threat of Business Email Compromise (BEC) shows, executives and high-profile users in particular – as well as the individuals they connect with over email – must be especially careful.

A BEC primer

As Trend Micro's Paradigm Shifts report noted, BEC-related attacks and theft are on the rise and will continue on this trajectory in the near future. The FBI found BEC attacks have impacted companies in more than 100 different countries, while BEC-associated financial losses increased by more than 2,000 percent between January 2015 and December 2016.

"BEC-associated financial losses increased by more than 2,000 percent."

As the name suggests, BEC attacks center around the use of email. Attackers can carry out several different approaches to support their attacks, but the overall goal of BEC – formerly known as "Man-in-the-Email" scams – is to compromise an executive's or high-profile user's email in order to facilitate fraudulent wire transfers.

As Trend Micro explained in its report, attackers target businesses that provide executive email addresses and those who conduct wire transfers to support relationships with suppliers. These attacks leverage social engineering to enable hackers to create the most realistic and seemingly legitimate email possible, sent from a compromised or spoofed email address belonging to a company decision-maker.

Because hackers target high-profile users' email addresses to support their attacks – alongside social engineering-gleaned insights – victim recipients of these emails believe that the messages, as well as the requests within them, are coming directly from their manager, supervisor or C-suite executive.

By the end of 2018, BEC scams will cost victim businesses more than $9 billion.BEC scams will continue to affect many companies through year's end.

Common BEC strategies

The key element involved in every type of BEC attack is the use of a specific email address. Hackers typically pinpoint executives or other management-level employees, using these high-profile users to their advantage as a springboard to facilitate fraudulent transfers. After all, if an executive emails an employee requesting a wire transfer to pay a supplier, it may not appear all that out of the ordinary.

As Trend Micro outlined, there are several common types of BEC strategies used by today's hackers:

  • Invoice Schemes see cybercriminals posing as company's foreign suppliers, requesting payment for bogus invoices. Recipients, believing the email came directly from a vendor partner, transfer funds to settle the payment, but money is actually sent to an account set up by fraudsters.
  • CEO Fraud is particularly common, and includes a stolen or spoofed CEO email account. Hackers writing from the CEO's spoofed email address email a company employee asking them to transfer money to a malicious, hacker-controlled bank account.
  • Attorney Impersonation is similar to CEO fraud: Cybercriminals pose as a high-profile attorney or member of a law firm and claim to be responsible for confidential matters.
  • Data Theft includes hackers targeting members of the HR team in order to access personally identifiable information, tax statements or other sensitive data belonging to employees and executives in particular. These details can then be used to support future attacks.

BEC scams can be centered around a single attack strategy or use a combination of the above-described approaches. For example, an attack may begin with data theft, which is then utilized to commit CEO fraud.

One thing that makes these types of attacks so unique is the fact that, unlike traditional ransomware and other malware infections, BEC does not include a malicious link or attachment. In this way, it makes it particularly difficult for conventional security solutions to pinpoint and raise the alarm about suspicious activity that could point to a BEC attack.

Targeting users in positions of authority

In order for BEC to be successful, hackers must utilize the email address – either stolen or spoofed – of a staff member in a position of authority. After all, if a low-level worker attempts to request a wire transfer, invoice payment or sensitive information, it would surely raise red flags within the enterprise.

For these reasons, hackers tap into the administrative control and responsibility that only executives and other managers or supervisors have with the rest of the company's staff. And as information about business management structure is often publicly available, these attacks often aren't difficult for cybercriminals to carry out. Leveraging public information, social engineering and phishing, BEC is becoming an incredibly challenging and dangerous threat to corporations across industry sectors.

"The simplicity of knowing a target organization's hierarchy (which may even be publicly available on social media and corporate websites) and the brevity of the emails make a case for an efficient ploy to funnel money," Trend Micro's Paradigm Shifts report stated. "We will continue to see BEC scams that involve company executives being impersonated to wire sums of money."

Man in a suit pointing to AI icon, among other icons like "Reasoning," "Computer," "Knowledge," etc. AI is an optimal tool for guarding against BEC and email fraud.

Guarding against BEC: AI could hold the key

As Trend Micro's report pointed out, and as these stories from victim businesses gathered by Guardian Analytics demonstrate, BEC emails are often short and leverage authoritative language to spur fraudulent money transfers. Employee awareness and security training can help organizations avoid these expensive and damaging instances, as can policies that ensure staff members check with officials through more than just email before sending a wire or money transfer.

In addition, as Trend Micro's new capabilities show, artificial intelligence provides an essential element for BEC protection. Trend Micro recently announced new AI-powered features incorporated into several different products which can analyze writing styles to help pinpoint BEC and email fraud attempts.

This development represents an industry first and involves use of writing style "blueprints" covering more than 7,000 different writing characteristics. Trend Micro solutions that include this advanced capability can then compare the user's writing blueprint to any suspicious emails. A warning is also sent to the implied sender, the recipient and the organization's IT department.

In this way, any suspect emails are closely analyzed, and key internal stakeholders are made aware of the potential threat and fraud as soon as possible – before a money transfer can be delivered to hackers. Because 70 percent of BEC attacks include emails that impersonate the CEO, president or managing director of the business, AI-powered analysis of writing styles provide a key level of protection not possible through traditional detection systems that seek out malicious attachments and other traditional attack strategies.

"Writing Style DNA provides authorship analysis to complement existing AI inspection layers that focus on email intent and attacker behaviors by checking info in the email header and the email content," Trend Micro explained in a press release. "In doing so, it's able to spot attackers who hijack legitimate domains/accounts to circumvent traditional filters."

To find out more about this industry-first use of AI to guard against BEC, connect with the experts at Trend Micro today.

The post How attackers are abusing high-profile users and executives appeared first on .

http://feeds.trendmicro.com/TrendMicroSimplySecurity