The Cybersecurity Threat Predicted to be the Most Costly in 2020 & Six Steps to Prevent It
Most organizations are either familiar with, or have been victimized by, a Business Email Compromise (BEC). A BEC is a scam that targets organizations with the goal of leveraging a compromised email account to trick employees and executives into making fraudulent wire transfers. However, it is not BEC attacks that are predicted to be the largest threat to organizations worldwide over the next 12-18 months, but a BEC variant known as Vendor Email Compromise (VEC). The US Treasury Department estimates that BEC attacks already cost US firms $300 million a month.
What Differentiates a VEC from a BEC?
VEC attacks are similar to, but potentially much more dangerous than, a typical BEC. A VEC attack typically targets a CEO or CFO using the same methods as a BEC, such as spear phishing, password spray attacks, credential stuffing, and social engineering. Regardless of the method, the goal is to gain access to the email accounts of an organization's executives or high-level employees. Once the account has been compromised, hidden mail forwarding rules are established on the backend. These forward a copy of every sent and received email to the attacker, unbeknownst to the account holder.
Over a period of weeks, and in some cases months, the emails are analyzed, allowing the attacker to learn customer billing cycles and typical invoice amounts. The attacker studies the exact format of the emails, email signatures and logos, and leverages this information to create highly realistic fraudulent invoices for just the right amount at just the right time. The fraudulent invoices are then sent a few days before payment would usually be made. To a casual observer there is no noticeable difference between a genuine and a fraudulent invoice, except a subtle change to the usual payment destination.
A VEC attack is extremely effective because the fraudulent email is sent from a genuine and trusted email account matching past invoice deliveries to the letter.
Six steps to take to mitigate this threat for your organization
- Establish a security awareness training program for all employees
- Employ an email security layer that includes advanced impersonation detection techniques
- Implement proper systems oversight with logging, monitoring and alerting for email platforms
- Leverage user behavioral anomaly detection services for email access
- Enable multi-factor authentication for email access
- Disable weak and less secure mail protocols
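The hidden forwarding rules described above are exactly what the logging, monitoring and alerting step should catch. The following is an added example, not code from the original article or from Thrive: it scans constructed mailbox-rule audit events (a simplified JSON shape with assumed field names, not any real platform's schema) and flags rules that forward mail outside the organization, forward-and-delete to hide the copy, use a near-empty rule name, or filter on billing keywords. The internal domain and sample events are assumptions.

```python
"""Flag mailbox inbox-rule changes that look like VEC-style hidden forwarding.

Added example (not from the original article). The events below are
constructed in a simplified JSON shape; field names and domains are assumed.
"""
import json

ORG_DOMAINS = {"example.com"}  # assumed internal mail domain(s)
SUSPICIOUS_SUBJECT_TERMS = ("invoice", "payment", "wire", "remittance")

# Constructed sample audit events: one benign rule, two suspicious ones.
SAMPLE_EVENTS = [
    '{"mailbox":"cfo@example.com","op":"RuleCreated","rule":"Filing","forward_to":[],"delete":false,"subject_contains":[]}',
    '{"mailbox":"cfo@example.com","op":"RuleCreated","rule":".","forward_to":["drop@mail-example.net"],"delete":false,"subject_contains":[]}',
    '{"mailbox":"ceo@example.com","op":"RuleModified","rule":"Inv","forward_to":["ap@example.com"],"delete":true,"subject_contains":["invoice"]}',
]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def assess_rule(event):
    """Return the reasons a rule-change event is suspicious (empty list if none)."""
    reasons = []
    external = [a for a in event.get("forward_to", []) if domain_of(a) not in ORG_DOMAINS]
    if external:
        reasons.append("forwards to external address(es): " + ", ".join(external))
    if event.get("delete") and event.get("forward_to"):
        reasons.append("forwards and deletes, hiding the copy from the owner")
    if len(event.get("rule", "").strip()) <= 1:
        reasons.append("near-empty rule name, common for rules meant to stay unnoticed")
    terms = [t for t in event.get("subject_contains", []) if t.lower() in SUSPICIOUS_SUBJECT_TERMS]
    if terms:
        reasons.append("filters on billing keywords: " + ", ".join(terms))
    return reasons


def scan(lines):
    """Parse JSON audit lines and return (mailbox, rule, reasons) for suspicious rule changes."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("op") not in ("RuleCreated", "RuleModified"):
            continue
        reasons = assess_rule(ev)
        if reasons:
            findings.append((ev["mailbox"], ev["rule"], reasons))
    return findings


if __name__ == "__main__":
    for mailbox, rule, reasons in scan(SAMPLE_EVENTS):
        print(f"ALERT {mailbox} rule {rule!r}: " + "; ".join(reasons))
```

In practice the findings would feed an alert to the security team and a review with the mailbox owner, since a legitimate external forward and a hidden one look identical in the rule itself.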
To learn more about these services, please contact Thrive today.
Agari Cyber Intelligence Research Division