Money transfer frauds are top aim of business email cyber attacks

Tricking recipients into transferring money to cyber criminals is the top objective of business email compromise (BEC) attacks.

Tricking recipients into transferring money to cyber criminals is the top objective of business email compromise (BEC) attacks.Business email compromise is increasingly popular with cyber criminals to steal money and information as well as spread malware, security researchers find

The second most popular objective is to get the recipient to click on a malicious link aimed at stealing information or spreading malware, according to an analysis of more than 3,000 BEC attacks by Barracuda Networks.

BEC attacks are also known as whaling or CEO fraud because attackers typically compromise the email accounts of CEOs and other top executives so those accounts can be used to send messages to more junior staff members, tricking them into taking some action by impersonating the email account holder.

This tactic is extremely effective in manipulating employees as well as partners and customers of targeted businesses because few organisations have processes in place for checking or verifying instructions ostensibly received from a top executive in an email message sent from a genuine account.

In most cases, cyber criminals focus efforts on employees with access to company finances or payroll data and other personally identifiable information(PII).

The study shows that PII is another top target for BEC attackers, accounting for 12.2% of the attacks studied. Another 12.2% were aimed at establishing a rapport with recipients, which in most cases was followed up with a request for a money transfer.

The effectiveness of this attack method has made it extremely popular with cyber criminals, as is indicated by an 80% increase in the number of BEC attacks in the second quarter of 2018 compared with the first quarter, according to a recent report by email management firm Mimecast.

The Barracuda study reveals that in 46.9% of the cases studied, the objective was to trick employees into transferring business money into accounts controlled by the attackers, while in 40.1% of the cases, the aim was to trick them into clicking on a malicious link.

According to Barracuda, email is the top threat vector facing organisations due to the growing number of email-related threats, which include ransomware, banking trojans, phishing, social engineering, information-stealing malware and spam, as well as BEC attacks.

Not surprisingly, the analysis shows that CEO email accounts are the most commonly impersonated (42.95%), followed by other C-level account holders (4.5%), including the CFO (2.2%), and people in the HR and finance departments (2.2%).

CFOs are among the top recipients of BEC emails, representing 16.9% of recipients in the attacks studied, on a par with the finance and HR departments in general and compared with 10.2% received by other C-level execs.

However, the analysis shows that most recipients of BEC emails are in more junior roles, with 53.7% holding roles outside the C-level, underlining the need for regular, ongoing user awareness training.

If you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

How SMEs can outsource cyber security issues to a Virtual CISO

Top things Small Businesses SMEs should consider when outsourcing cyber security to a Virtual CISO.

 

Outsourcing cyber security operations to a Virtual CISO (Chief Information Security Office) is not only possible, but highly attractive – especially in the face of increasing complexity, the continual evolution of the cyber threat and the current shortage of skilled cyber practitioners.

However, there are some elements that Small Business SMEs and businesses cannot do – outsource the associated business risks and regulatory responsibilities, such as those under the General Data Protection Regulation (GDPR).

While Service Level Agreements (SLAs) governing security services will exist, suppliers are unlikely to provide unlimited liability for consequential losses as the result of a cyber attack, or privacy breach.

You therefore need to be able to make judgements on the services you are being provided and make informed decisions on what is sensible to outsource for your business.

At a business level a CISO will need to retain overall control and management of the organisation’s security policy, disaster recovery, regulatory aspects such as GDPR and high-level incident and media management, but it would be perfectly feasible to outsource the underlying support – such as the actual incident response and aspects of disaster recovery.

However, a full time CISO may not be affordable for small to medium enterprises (SMEs), so an alternative solution that is growing in popularity is to employ a “Virtual CISO”.

These are skilled and experienced CISOs who can provide independent support, to ensure regulatory requirements are being met and that outsourced providers are fulfilling the necessary service levels, at a fraction of the cost of a full-time employee.

Typical security services that can be outsourced include protective monitoring, vulnerability management, firewall management, antivirus etc. How you decide to outsource may depend on whether you already outsource your IT provision or if you use cloud services.

The current trend amongst SMEs is for cloud-based solutions, as they lower the overhead of having your own IT and security management teams, especially when using storage and software services as security controls – like patching and back-ups – are included in the subscription.

Deciding what to outsource to a Virtual CISO is often driven by the need for specialist staff (who are currently in high demand), threat knowledge and the practicality of maintaining your own capability.

As illustration, on occasion you may need an incident response team of several experts covering incident management computer forensics, network forensics, malware analysis, etc. But having these professionals on the payroll full-time, “just in case”, would be too expensive, assuming you could retain their interest.

Also, effective protection depends on a good level of up-to-date threat intelligence,  so unless you have specialists engaged in threat hunting and gathering threat intelligence, it will be difficult to defend your systems. Incident response and security monitoring, closely followed by vulnerability monitoring, are therefore the first things to consider.

Patching, firewall management and access management are more routine, so may be kept in house, but if this is the case, any protective monitoring provider must be aware of the current configuration to meet their SLAs.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139