Businesses see more BEC attacks in 4Q — Kaspersky


In 4Q21, Kaspersky products prevented over 8,000 BEC attacks, with the greatest number (5,037) occurring in October. — Bernama photo

KUCHING: Business e-mail compromise (BEC) attacks, a type of fraud that involves impersonating a representative from a trusted business, scaled up to 8,000 in the fourth quarter of 2021 (4Q21), according to Kaspersky.

According to Verizon, BEC was the second most common type of social engineering attack in 2021, and the FBI reported that BEC attacks cost US businesses more than US$2 billion from 2014 to 2019.

Kaspersky experts are increasingly observing BEC attacks. In 4Q21, Kaspersky products prevented over 8,000 BEC attacks, with the greatest number (5,037) occurring in October.

Throughout 2021, the company’s researchers closely analysed the way fraudsters craft and spread fake emails.

As a result, they found that the attacks tend to fall into two categories: large-scale and highly targeted.

The former is called ‘BEC-as-a-Service’, whereby attackers simplify the mechanics behind the attack in order to reach as many victims as possible.

Attackers send streamlined messages en masse from free mail accounts, in the hope of snaring as many victims as possible. Such messages often lack high levels of sophistication, but they are efficient.

In a scenario provided by Kaspersky, an employee receives a fake email from a more senior colleague. The message is always vague, saying that the sender has a request to handle.

A victim may be asked to urgently pay off some contract, settle some financial conflict, or share sensitive information with a third party. Any employee may potentially become a victim.

There are several noticeable red flags in such a message. No corporate account is used, and the sender is clearly not a native speaker.

While some criminals rely on simplified mass mailouts, others are turning towards more advanced, targeted BEC attacks.

The process works as follows: attackers first compromise an intermediary's mailbox, gaining access to that account’s e-mail.

Then, once they find suitable correspondence in the compromised mailbox of the intermediary company (say, financial matters or technical issues related to work), they continue the correspondence with the targeted company, impersonating the intermediary company.

Often the goal is to persuade the victim to transfer money or install malware.

Since the target is, in fact, engaging in the conversation referenced by the attackers, they are far more likely to fall victim to the scam.

Such attacks have proven to be highly effective, and that is why they are not only used by small-time criminals looking to make a quick profit.

“Right now, we observe that BEC attacks have become one of the most widespread social engineering techniques,” Kaspersky’s security expert Roman Dedenok commented.

“The reason for that is pretty simple – scammers use such schemes because they work.

“While fewer people tend to fall for simple mass-scale fake emails now, fraudsters have started to carefully harvest data about their victims and then use it to build trust.

“Some of these attacks are possible because cybercriminals can easily find names and job positions of employees as well as lists of contacts in open access.

“That is why we encourage users to be careful at work.”

Kaspersky’s senior product marketing manager Oleg Gorobets said that email remains the primary communication channel for most enterprises due to its widespread use.

“With no replacement on the horizon, it will remain so for years to come,” Gorobets added.

“But as remote working practices and cloud storage become the new norm, along with the growth of poor digital hygiene, we foresee the emergence of new scam methods leveraging these gaps in enterprise security.

“With less control over endpoint security, IT or IT security admins tend to get stressed even if they receive a successful blocking message from EPP.

“A good example of this is email-borne threats reaching the endpoint level, which can occur when using bundled ‘good enough’ email security from a telco or cloud mail provider.

“Using a specialised security solution and a well-tested technology stack, backed with quality threat data and machine learning algorithms, can really make a difference.”