Intelligent CISO Issue 51 | Page 33

PREDICTIVE INTELLIGENCE

Counting the cost of the biggest BEC attacks

Robust email protection is a necessity for defending against one of the industry's most sophisticated attack types: Business Email Compromise (BEC). Andrew Rose, Resident CISO, Proofpoint, offers some top tips to avoid falling victim to these types of attacks and highlights the importance of adding an extra layer of protection to your business to ensure cybersecurity is everyone's responsibility.

Business Email Compromise (BEC) has fast become an expensive headache for organisations around the world. In 2020, BEC schemes cost victims over US$1.8 billion. That's almost half of all cybercrime losses.
BEC attacks are incredibly difficult to detect and deter by their very nature. They are designed to blend in and often do not include the traditional red flags of malicious URLs and payloads. Instead, BEC relies on a complex web of spoofing and social engineering techniques to trick unsuspecting users.

In most cases, a threat actor poses as a trusted person or entity, be it a colleague, business partner or vendor. The attacker then sends an email directing the victim to carry out a required action, such as changing bank details on an invoice or making a wire transfer.

But while most attacks follow this blueprint, each has its own identity. And with such lucrative rewards on offer, cybercriminals are only growing more sophisticated and tenacious in their attempts to separate unwitting businesses from their hard-earned cash.

To highlight the scale of the issue, below is a rundown of some of the boldest recent BEC attacks, along with tips on avoiding a similar fate.
German Health Authority
Healthcare has long been in the crosshairs of cybercriminals. Masses of sensitive data, a need for uninterrupted service and a vast network of files and systems make the industry an incredibly attractive target.

Add to this the disruption caused by the pandemic, and keeping threat actors at bay is an almost impossible task, as one German healthcare authority knows only too well.

During the height of the pandemic across Europe, four cybercriminals almost convinced the authority to transfer a €14.7 million payment for PPE into their clutches. However, they only managed to steal €2.4 million before Interpol and the German police shut down the con.
The fraudsters created a clone of a legitimate supplier's website, compromised email addresses and successfully took an order for 10 million face masks.

After failing to deliver and making demands for extra fees, the health authority became suspicious and turned to law enforcement for help. Fortunately, the victim in this case was able to recover the funds, though that is far from the norm.
Rijksmuseum Twenthe
Emboldened by their success in recent years, cybercriminals are not shy when it comes to seeking out big payoffs. To this end, we see BEC attackers setting their sights on banks, governments, large corporations and, in this instance, art dealers and museums trading in multimillion-dollar masterpieces.

In January 2020, Rijksmuseum Twenthe, a national museum in the Netherlands, lost US$3.1 million to a cybercriminal posing as a famous London art dealer. The scammer interjected in legitimate communication between the museum and the dealer over the sale of John Constable's 1824 painting, View of Hampstead Heath, Child's Hill, Harrow in the Distance.

By either compromising or spoofing the dealer's email account, the scammer 'updated' the payment information before the sale closed. The painting