10-Minute Tech Talk:

Instant Replay: Boost Your Microsoft 365 Security

Back by Popular Demand…

Business Email Compromise (BEC) is currently a raging storm in the world of cybercrime, showing remarkable growth and leaving financial devastation in its wake. The FBI’s 2022 report on BEC serves as a stark reminder, with business losses attributed to BEC taking the top spot among complaints to the IC3. The numbers are staggering, with losses soaring by an alarming 500% from 2016 to 2022.

Your organization is a prime target for cybercriminals who are on a mission to steal sensitive data and orchestrate billion-dollar fraud operations. They’re not resting on their laurels; instead, they’re constantly fine-tuning their methods to impersonate trusted contacts and infiltrate cloud environments.

New defense mechanisms are within your reach.

Watch our recorded webinar below to learn more about how to prevent and isolate business email compromise today.

Complete transcript below:

Okay, by my computer it is 12:10.  Thank you for joining us today.  I am Cathy Coloff from IT Radix, and today we are going to talk about how you can boost your security.  In particular, we’re going to spotlight BEC.  Some of you may be saying, “well, what the heck is BEC?” It’s an acronym that us IT folks love that stands for Business Email Compromise.  The basic concept here is that typically it’s a cybercriminal.  They’re assuming the identity of someone that you trust, or they may assume your identity in hopes of getting at folks that trust you.  They do this by relying heavily on social engineering techniques to get into your email account, in particular, because email is the starting point of pretty much 80% of the cyber incidents that occur today.

When it Comes to Business Email Compromise (BEC), Don’t Put Your Head in the Sand

The main message here that we want to get across is please don’t be like these men here.  Don’t put your head in the sand.  Cybercrime is the third largest economy today.  The U.S. is #1, China #2.  Cybercrime is the third largest economy today.  I’m going to repeat that—it’s HUGE!  You can see here, in the year 2022, what’s been reported.  This is what’s reported; you don’t necessarily know what has actually been happening.  They estimated somewhere around $2.4 billion dollars of loss incurred by businesses.  I will say, I’m going to talk a lot here, but if you have any questions, you can put them in the chat, you can raise your hand, and I will probably take them towards the end because I want to try to get through this.

Business Email Compromise (BEC) Attacks Are Increasing

You can see here BEC attacks have doubled in 2022.  The numbers for 2023 are still being calculated and are yet to be reported, but what I wanted to do today was just to share a few stories that have occurred in our local area.

Story #1:  Logistics / Distribution Company

The first story is a logistics or a distribution company that is in our area.  They were supplying someone with some medical devices.  What they didn’t know was that their email account had been compromised.  They were a victim of BEC.  The cybercriminals waited inside of that mailbox for almost three months before they did anything, and then at that point what they did was they saw that one of their clients, one of the logistics company’s clients, was purchasing some goods and was getting ready to make payment.  So, what they did was they altered the email that was sent to the client, and they altered the payment instructions and ultimately the payment was diverted from the local logistics company to the bad guys.  Of course, now, their client is upset, and the logistics company has a dilemma because they haven’t been paid.  Basically, this is an example of conversation hijacking.  Just imagine you’re the person on the left here riding along in your motorcycle and what you don’t realize is there’s a big angry bear or a cyber bear riding along with you.  They wait until the right moment, they insert themselves into the conversation, and they divert funds.  In this particular case, the recipient of that email, they did have business processes in place to protect them where they got this new email wire instructions, so they picked up the phone to call.  What they didn’t do was they called the phone number that was in the email.  They didn’t go look up the phone number somewhere else.  So, when they picked up the phone and they called they were literally calling the bad guys and the bad guys of course confirmed that, yes, all the wire transfer information is accurate.  So, ultimately, the money was diverted and lost.

Story #2: Not-for-Profit Company

I’d like to tell you another story about a local not-for-profit that we’re working with now.  What happened here, similar situation, they were a victim of Business Email Compromise.  In this case, what happened was the compromised account was used to blast out another 10,000 messages trying to trick other people into, you know, sort of proliferating this attack.  What ended up resulting is that this not-for-profit ended up being on a lot of blacklists or block lists from an email standpoint, which meant that their email messages that they were sending out after this occurrence were not being delivered.  They ended up on the block lists; there are central ones, as well as ones where each organization can block them at the mail server level.  This was a critical time for them.  They were in the middle of a fundraising push to get people to attend their Gala, and this is essentially what resulted—their attendance was way down because most of their email marketing that was being sent out was now being blocked because of the cyberattack and the Business Email Compromise that had happened a few months prior.  Obviously, also not a good PR message for the not-for-profit to occur.

Story #3: Local Private School

The next story I’d like to tell you about is a local private school around here.  You may recognize this particular school.  Maybe you’re sending your kids to Hogwarts, I don’t know, but in this case the parents had to apply and send/share some of their financials to show that they indeed had the ability to fund the attendance of their children at this private school.  At the private school, someone in the organization had their email breached.  The account was used not necessarily to read the email but then to move over into the files that the email account had access to in OneDrive and in SharePoint, and they were able to exfiltrate all the financial data that these parents had submitted as part of the application for their children to attend this school.  Well, you can imagine the PR nightmare that ensued after this because now the school was required to notify the parents that their financial information had been released or exposed and exfiltrated.

It Will Happen to You!

So, all of these things are just to try to give you a reminder that it can happen to you!  We’ve seen it in law firms, medical device company (I mentioned), copier companies, transportation companies, personnel agencies, accountants, you name it… nobody is immune!   What you really need to do now is to understand that it’s not “if” it’s going to happen to you but “when.”  So, what you really want to do is make sure that you have something in place that is protecting you.

Combat Business Email Compromise (BEC) with Managed Detection and Response (MDR)

We would like to introduce you to a concept called Managed Detection and Response (MDR).  Basically, the idea here is that you want something that is continuously monitoring, 24/7, detecting and looking for any of these types of things:  suspicious logins, suspicious email forwarding, or rules.  So, in the story I shared about the logistics company, what was happening there was, again, I said they were in, they waited about three months, so come month three, the message that they were looking for that was talking about payment information, they wrote a rule that diverted that so that it was never seen by the person whose mailbox they were in.  It was in their deleted items folder, and the person whose mailbox it was was completely unaware that any of this was happening.  So, this is considered unusual.  They’re looking for unusual logins, you know, being logged in in two places that are halfway around the world from each other; that is unusual, somewhat physically impossible, but it could happen.  Same thing with permission changes and privilege escalations.

So what you want to do is you want to have technology, in particular we’re leveraging AI here, but you’re also layering on that human expertise so that when you’re looking at, as I mentioned, somebody logging in halfway around the world, it could be a scenario where the person’s on vacation and they left their computer on at home so, yes, they’re logged in at home and they’re logged on from France where they’re on vacation, or it could be that, yes, somebody is actually logging in from another part of the world into that mailbox.  So, with the Managed Detection and Response, what it’s doing is it’s looking for all of these things, it’s flagging them, it’s alerting on them, and in a situation where something is deemed suspicious or unusual enough, they actually isolate the mailbox and prevent additional damage, limiting the blast of what the bad guys are able to do.

Cybersecurity Awareness Month Special Offer

So, what we’d like to propose to you is that you get yourself some Managed Detection and Response, particularly for your Microsoft 365.  We would be happy to talk to you about scheduling a cybersecurity review to make sure that your 365 environment is up to snuff.  And the other piece around this is that October is Cybersecurity Awareness Month, so the vendors have offered a free setup of MDR for 365 through October.  We would love to get this in place for all of our clients; and if you’re not a client, we would love to talk to you about why you should be.  The main goal here is to avoid turning into an angry monster when a Business Email Compromise occurs for you.

Thank You

So now, with that, I’m going to pause here and just see if there were any questions while I was talking.  I don’t see any in the chat.  I think we’re good to go.  I wanted to thank everyone for joining us, again, Cathy from IT Radix, and let’s make sure that we stop the Business Email Compromise in its tracks by implementing some MDR for you.  Have a nice day!