14 December 2022
An essential communication channel for professionals and individuals alike, corporate email remains an attack vector favored by cybercriminals. According to a report by PhishMe, 91% of cyberattacks use email as the first attack vector. While spam (sending unwanted emails) and phishing campaigns rely on mass mailings, other techniques such as Business Email Compromise (BEC) rely on targeted attacks. What are the consequences of these attacks? How can you recognize this threat and protect yourself from it? In this article we share an overview and analysis of this phenomenon.
Business Email Compromise: definition
Business Email Compromise is a modus operandi that consists of using a company's email to induce employees to carry out malicious operations (banking transactions, disclosure of sensitive information). The attacker either compromises the email account of a company employee in order to circumvent email protection solutions, or impersonates that employee through a domain name similar to that of the victim company.
In many cases, Business Email Compromise is used to obtain financial transfers by impersonating the CEO of the victim company or another member of the executive team.
The modus operandi of these targeted attacks is generally organized into 4 phases.
Business Email Compromise attacks can take different forms. Here are some of the most common.
Business Email Compromise hits European companies. In 2018, the management team of Pathé Netherlands was the victim of a BEC-type email. Appearing to come from the CEO of Pathé France, the email referred to a so-called deal to acquire an entity in Dubai. The cybercriminals managed to convince the team to make several payments, for a total loss of nearly $21 million.
In its 2022 Internet Crime Report, the FBI points out that losses from Business Email Compromise attacks cost US businesses $2.4 billion in 2021 (a 28% increase over 2020). The FBI even considers it to be the most lucrative type of attack, far ahead of the highly publicized ransomware. And the trend is clearly on the rise: the global Business Email Compromise industry could reach $3.3 billion in revenue by 2028.
While the financial impact is the most obvious, companies that fall victim to this modus operandi can also damage their reputation or expose themselves to more advanced cyberattacks, such as the deployment of malware in the company after obtaining initial access.
Some key recommendations
To deal with BEC, the recommended security policies include strict password management (compulsory use of complex passwords, renewed regularly), multi-factor authentication and systematic verification of the relevance of a request and its sender as soon as an e-mail seems suspicious.
On the tooling side, fraudulent email detection mechanisms should be used to block emails from suspicious domains or unknown senders. The DKIM and SPF e-mail authentication protocols make it possible to check whether a received e-mail was indeed sent from a legitimate server. Finally, cybersecurity awareness programs should include examples of Business Email Compromise and dissect how they operate, in order to raise employees' level of knowledge and vigilance on the subject.
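The following is an added example, not taken from the original article: it reads the SPF and DKIM verdicts recorded by the receiving server and also compares the From domain with the company's real domain, because a lookalike domain controlled by the attacker can pass both checks. The function names, the domains and the sample messages are constructed for illustration, and the code assumes the Authentication-Results header was stamped by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example-corp.com"}  # assumption: the organisation's real domain(s)

def make_msg(auth, sender):
    # Constructed sample message; hostnames, domains and verdicts are invented.
    return (f"Authentication-Results: mx.example-corp.com; {auth}\n"
            f"From: \"CEO\" <{sender}>\nTo: finance@example-corp.com\n"
            "Subject: Urgent transfer\n\nPlease pay the attached invoice today.\n")

# Exact-domain spoof: the sending server is not authorised, so SPF fails.
SPOOFED = make_msg("spf=fail smtp.mailfrom=example-corp.com; dkim=none",
                   "ceo@example-corp.com")
# Lookalike domain ("1" instead of "l"): the attacker owns it, so SPF and DKIM pass.
LOOKALIKE = make_msg("spf=pass smtp.mailfrom=examp1e-corp.com; "
                     "dkim=pass header.d=examp1e-corp.com", "ceo@examp1e-corp.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def auth_results(msg):
    """Return the spf/dkim verdicts from the first Authentication-Results header."""
    header = msg.get("Authentication-Results", "")
    found = re.findall(r"\b(spf|dkim)=(\w+)", header, re.I)
    return {method.lower(): verdict.lower() for method, verdict in found}

def bec_signals(raw, trusted_domains):
    """List the reasons a message deserves a second look before anyone acts on it."""
    msg = message_from_string(raw)
    verdicts = auth_results(msg)
    signals = [f"{m}={verdicts.get(m, 'missing')}"
               for m in ("spf", "dkim") if verdicts.get(m) != "pass"]
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in trusted_domains:
        signals += [f"lookalike:{domain}~{good}" for good in sorted(trusted_domains)
                    if 0 < edit_distance(domain, good) <= 2]
    return signals

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, bec_signals(raw, TRUSTED))
```

The lookalike message passes SPF and DKIM, so only the domain comparison flags it.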
Although they constitute a first line of defence, traditional detection tools are no longer sufficient today to fight against increasingly sophisticated attacks. The use of artificial intelligence and heuristic analysis can improve content inspection: analysis of suspicious activity patterns, real-time phishing detection, detection of fake e-mails, detection of logo and brand spoofing, analysis of links, etc. Integrated into the Microsoft 365 and Google Workspace environments, these technical solutions improve the ability to detect Business Email Compromise while alerting the user, most often by displaying a banner in the email when there is doubt about the identity of the sender.
Less publicized and less spectacular than ransomware, attacks of the Business Email Compromise type are nevertheless devastating from a financial point of view, and can cause substantial losses. To protect against this, companies need to strengthen their verification processes around payment requests. At the same time, prevention and employee awareness work would make employees more alert to the threats linked to Business Email Compromise, and therefore improve their reflexes.