DGS CyLABs: Business Email Compromise (BEC)


In the BEC cyber security lab (CyLAB), DGS experts combine training, analysis tools and infrastructure controls to detect the different types of BEC attack early and block them, protecting our customers' operational scenarios. 

With the growth of remote work, the relocation of business activities and the adoption of cloud-based infrastructure, cyber criminals have refined Email Account Compromise (EAC) scams into increasingly targeted and damaging attacks that use e-mail to win the trust of recipients and reach their target. 

Specifically, in Business Email Compromise (BEC) scams, often also known as CEO fraud, the attacker impersonates a prominent figure within the company to request payments or other complex transactions, and at the same time instructs that they be executed differently from the usual procedure (to a different IBAN, for example), citing supposedly temporary or exceptional circumstances. 

BEC scams are among the most financially damaging types of cybercrime. In a 2022 report, the FBI's Internet Crime Complaint Center (IC3) estimated that these attacks had caused more than $43 billion in losses over the preceding years, not counting other types of loss and the risks posed by data theft and breaches of information security systems. Even so, some organizations still underestimate the severity of BEC attacks, because these incidents are difficult to identify easily and quickly, particularly when the fraudulent messages come from trusted but compromised vendors or partners. 

Fraud attempts based on Business E-mail Compromise techniques are complex problems: they rely on sophisticated social engineering that targets human weakness rather than technical vulnerabilities, so they require a defensive approach built from multiple, different and complementary layers that keep the focus on users' awareness of how business e-mail is used. 

These attacks are designed to slip past security mechanisms such as spam and virus filters, and they are dangerous precisely because they carry no malicious software (malware) and no links to known malicious sites: there is nothing for a signature-based filter to match. 

To carry out an attack, attackers deceive the user either by using e-mail addresses that resemble known ones (so-called lookalike domains, i.e. domains registered with names similar to the one being impersonated, using a zero instead of an o, for example) or by spoofing the sender's address; very often, however, the attack vector is an entirely legitimate address whose credentials have been obtained through phishing e-mails or brute-force attacks, or bought on the dark web after a data breach. 
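Lookalike domains are the part of this that a mail gateway can check mechanically before the message reaches a human. The following is an added example, not code from DGS or from the CyLAB: it normalises a sender domain (punycode decoded, case folded, digit and Cyrillic homoglyphs mapped back to Latin letters) and compares it against a list of protected domains, flagging homoglyph twins, one-character edits, the same name under a different TLD, and the protected domain used as a subdomain of some other registrable domain. The protected domain `acme-industries.com` and all sender addresses are constructed, hypothetical examples.

```python
"""Lookalike-domain check for inbound mail (added example with hypothetical domains)."""
from __future__ import annotations

import unicodedata

# Characters attackers commonly substitute for Latin letters: look-alike digits and
# Cyrillic letters whose glyphs are identical to Latin ones (homoglyphs).
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
})
# Two-letter sequences that read as a single letter in most proportional fonts.
DIGRAPHS = (("rn", "m"), ("vv", "w"))

# Constructed: the organisation's own domain(s) and partner domains to defend.
PROTECTED = {"acme-industries.com"}


def normalize(domain: str) -> str:
    """Canonical form for comparison: IDNA (xn--) labels decoded to Unicode,
    case folded, NFKC-normalised, homoglyphs mapped back to ASCII letters."""
    domain = domain.strip().rstrip(".")
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already contains non-ASCII, or not valid IDNA: compare as given
    domain = unicodedata.normalize("NFKC", domain).casefold()
    domain = domain.translate(HOMOGLYPHS)
    for seq, letter in DIGRAPHS:
        domain = domain.replace(seq, letter)
    return domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(sender_domain: str, protected: set[str] = PROTECTED) -> str | None:
    """Return why `sender_domain` resembles a protected domain, or None when it is
    either exactly a protected domain or clearly unrelated."""
    raw = sender_domain.strip().rstrip(".").casefold()
    if raw in {p.casefold() for p in protected}:
        return None  # the genuine domain; SPF/DKIM/DMARC still have to pass
    cand = normalize(raw)
    for p in sorted(protected):
        target = normalize(p)
        if cand == target:
            return f"homoglyph of {p}"
        if cand.startswith(target + "."):
            return f"{p} used as a subdomain of another domain"
        if cand.split(".")[0] == target.split(".")[0]:
            return f"same name as {p} under a different TLD"
        if levenshtein(cand, target) <= 1:
            return f"edit distance 1 from {p}"
    return None


def scan_senders(addresses, protected: set[str] = PROTECTED) -> dict[str, str | None]:
    """Map each From: address to a lookalike reason (None means no resemblance)."""
    return {addr: lookalike_reason(addr.rsplit("@", 1)[-1], protected) for addr in addresses}


# Constructed sample From: addresses, as a gateway might see them in one day.
SAMPLE_SENDERS = [
    "cfo@acme-industries.com",                     # genuine
    "cfo@acme-industr1es.com",                     # digit 1 for the letter i
    "cfo@\u0430cme-industries.com",                # Cyrillic а in place of Latin a
    "cfo@acme-industries.com.invoice-portal.net",  # our domain as a subdomain
    "cfo@acme-industries.co",                      # same name, different TLD
    "orders@supplier-parts.org",                   # unrelated
]

if __name__ == "__main__":
    for addr, reason in scan_senders(SAMPLE_SENDERS).items():
        print(f"{addr:45} {reason or 'ok'}")
```

A flagged domain is a reason to hold or tag the message, not proof of fraud on its own; legitimate newly registered partner domains will trip the edit-distance rule, so results should feed the reporting workflow and the simulated campaigns rather than silently dropping mail.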

In this scenario it becomes crucial to establish a people-centred protection model that can prevent, detect and respond to BEC techniques, and such a model cannot do without end-user awareness built through continuous and timely training paths. 

Alongside training, tools based on Artificial Intelligence and Machine Learning are needed to monitor the flow of e-mail communication, so that problems can be reacted to quickly, as well as mechanisms that automatically verify the identity of the domains that send and receive e-mail. 

The goal of our BEC CyLAB is to define guidelines for contextualizing, and thereby making more effective, the tools the market provides, and to identify the best techniques for training end users to detect and report suspicious e-mails. In addition, the workshop aims to raise awareness of tools such as DMARC (Domain-based Message Authentication, Reporting, and Conformance), which protects against e-mail fraud by preventing fraudulent use of one's own domain and reporting attempts to do so. 
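DMARC is only as strong as the policy published in the `_dmarc.<domain>` TXT record, and a common failure is leaving the record in monitor-only mode long after it was meant to be enforced. The following is an added example, not DGS code or part of the CyLAB: it parses a DMARC record into its tags and reports the settings a reviewer would push back on (no enforcement, partial `pct=`, weaker subdomain policy, no aggregate reporting, relaxed alignment), with a weak record shown beside a hardened one. The reporting address `dmarc-reports@example.com` is a constructed placeholder. DMARC presupposes SPF and DKIM are already published and aligned; this check does not verify those.

```python
"""Assess the strength of a DMARC policy record (added example, not DGS code)."""
from __future__ import annotations

# Constructed example records as they would appear in the _dmarc.<domain> TXT record.
WEAK_RECORD = "v=DMARC1; p=none; pct=20"
HARDENED_RECORD = (
    "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
    "rua=mailto:dmarc-reports@example.com"  # placeholder reporting address
)


def parse_dmarc(txt: str) -> dict[str, str]:
    """Split a DMARC record into lower-cased tag -> value pairs.

    Per RFC 7489 the record is a ';'-separated tag list whose first tag must be
    v=DMARC1; anything else is not a DMARC record and receivers ignore it."""
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    return tags


def assess_dmarc(txt: str) -> list[str]:
    """Return a list of weaknesses; an empty list means the policy is enforcing."""
    tags = parse_dmarc(txt)
    findings: list[str] = []

    policy = tags.get("p")
    if policy is None:
        findings.append("missing p= tag: record is invalid and receivers ignore it")
    elif policy == "none":
        findings.append("p=none: spoofed mail is delivered and only reported")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam instead of being rejected")

    # Subdomain policy defaults to p; an explicit weaker sp= is a frequent gap.
    subpolicy = tags.get("sp", policy)
    if policy == "reject" and subpolicy in ("none", "quarantine"):
        findings.append(f"sp={subpolicy}: subdomains are enforced less strictly than the domain")

    # pct defaults to 100; anything lower applies the policy to a sample only.
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing messages")

    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so abuse of the domain stays invisible")

    # Relaxed alignment (the default) lets any subdomain satisfy SPF/DKIM alignment.
    if tags.get("adkim", "r") == "r" and tags.get("aspf", "r") == "r":
        findings.append("adkim/aspf relaxed: any subdomain aligns; use s if subdomains send no mail")

    return findings


if __name__ == "__main__":
    for label, record in (("weak", WEAK_RECORD), ("hardened", HARDENED_RECORD)):
        print(f"{label}: {record}")
        for finding in assess_dmarc(record) or ["no findings"]:
            print("  -", finding)
```

In practice the record is read with a DNS query (for example `dig +short TXT _dmarc.example.com`) and its text passed to `assess_dmarc`; moving from `p=none` to `p=reject` should follow a period of reviewing the `rua=` aggregate reports so that legitimate third-party senders are authenticated first.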

The laboratory's focus is on defining different use cases, testing market-leading products against them and measuring their effectiveness against the different attack techniques: detecting the different types of BEC early and blocking e-mail fraud before it succeeds. 

Identifying these techniques then makes it possible to build simulated attack campaigns targeting those same techniques; the campaigns are integrated into the training programme and used to verify its results. 

In this context, visibility into which users are attacked most and by which types of BEC scam is particularly important, as it allows both e-mail flow analysis and training to be targeted ever more precisely. 

The results of our laboratory (BEC CyLAB) allow us to offer our clients the advantage of building, together, a defence customized to their operational scenarios and based on three main paths: 

  • Analysis of multiple attributes of each mail message through machine learning, in order to detect the various BEC tactics and block e-mail fraud before it enters the enterprise. 
  • Training end users so that they can detect and report suspected impersonation attempts, drawing on information about which users are attacked most and by which types of BEC scam, and then running internal attack campaigns to test the level of maturity the organization has reached. 
  • Protecting one's own domain from e-mail fraud by preventing its fraudulent use and retaining visibility into how receiving mail servers treat messages that claim to come from it. 

Find out more about all our other CyLABs here.