The Most Ignored Dangerous Cyberattack


While ransomware is the cyberattack most feared by businesses, another form of cybercrime is slipping under the radar, one that is proving highly lucrative for internet fraudsters – and costly to the business. A business email compromise (BEC) attack sees cybercriminals use social engineering to trick an employee at a business into transferring a large sum of money to an account controlled by the crooks.

Often these messages pretend to be from someone the victim knows, such as their boss, a colleague, or another known and trusted business contact. The attackers can steal hundreds of thousands of dollars just by sending a few emails – and by the time the victim has realized they've been duped by cybercriminals, it's too late. And while ransomware is the most high-profile form of cybercrime targeting businesses, it's BEC scams that are the most financially damaging.

Business email compromise (BEC) takes several forms. In addition to compromising an employee's email account, methods such as spear phishing or CEO fraud are also used, the latter being preferred by criminals for gaining access to confidential company information or money. Companies are often taken for six-, seven- or even eight-digit sums. This happened in 2016 at a well-known Nuremberg-based auto parts supplier, and the damage was about 40 million euros.

"When you look at some of the data that's come out comparing business email compromise to things like ransomware, business email compromise by far comprises the most amount of financial loss for businesses, all over the world," Crane Hassold, senior director of threat research at Agari, said.

The FBI lists BEC as the cybercrime with the highest amount of reported losses, accounting for $1.77 billion in losses during 2019 alone. The losses as a result of ransomware over the same period account for a small amount in comparison, $9 million (although more recent ransomware numbers will be significantly. "So while ransomware gets all the news, it's nothing compared to the amount of loss that's caused by business email compromise," said Hassold.

There are protection mechanisms that defend companies from a case as serious as this one. However, a firewall or an antivirus program is not one of them. Special forms of attack require specific defense mechanisms, which in such cases must take effect particularly quickly.

The lucrative nature of BEC scams is even pushing some cyber-criminal operations away from malware and ransomware attacks and towards wire-transfer fraud. One of these is a Russian-based hacking group that Agari identifies as Cosmic Lynx – they used to distribute malware, but now they're making much more money with phishing and email fraud.

"What we've seen over the past few years is that the cybercriminals have realized that their more technically sophisticated attacks have become less successful. And so what the cybercriminals have done is they've become less technically sophisticated in their attacks," said Hassold.

"Thinking about this as a business from an overhead perspective, there's not really much behind the scenes with a BEC attack, and so the amount of profit you're able to make from those attacks is significantly higher," he added.

One of the reasons BEC is so successful is that the nature of doing business online means actions often need to be taken quickly – and with more people working remotely than ever before, checking to see if that email really came from your colleague is more difficult.

However, if an organization sets up business processes that have to be followed and approval is needed from multiple people in order to send a wire transfer, it could go a long way to preventing BEC attacks. "If there's an established process for wire transfer and for wire-transfer requests, then a lot of BEC attacks would be stopped," Hassold said.