BEC scammers set their sights on payoffs in the millions of dollars, and are following the path of their ransomware counterparts by evolving services while organizations struggle to keep up.
It shouldn’t come as a surprise (if you’ve been following the evolution of cybercrime) that we’re now seeing cybercriminal gangs looking for additional ways to elevate their own work into a service that can be utilized by others. We saw ransomware-as-a-service grow in popularity over the last two years; it should be expected that other types of cybercrime would follow suit.
In an interview with ZDNet, Jen Miller-Osborn, Deputy Director of Threat Intelligence for Palo Alto’s Unit 42, highlights BEC taking the same path as ransomware:
“Similar to ransomware, we're seeing an increasing number of attackers getting into BEC, and we're also seeing it mature into -- like Ransomware-as-a-service -- BEC-as-a-service. They're becoming more tech-savvy. They've been in the commodity space and are starting to include publicly disclosed vulnerabilities. They're becoming more professional.”
According to a Unit 42 analysis of BEC attacks since 2020, the average attempted wire fraud was $567,000, with the highest at over $6 million. Because these attacks are almost exclusively email-based, Unit 42 offers some best practices for mitigating them, including:
- Use of multi-factor authentication – both Microsoft and Google offer MFA for their email platforms. MFA shuts down an attacker’s ability to keep continual access to a victim’s account with a stolen password alone.
- Disabling client-side forwarding – attackers configure automatic forwarding so that sensitive messages arriving in a compromised mailbox are sent on to them. Because client-side forwarding assists the threat actor in this way, it is a candidate for disabling outright.
- Logging and Event Monitoring – watching for unusually high administrative or user activity within email platforms and finance applications can help identify potential fraud.
- Security Awareness Training – even Unit 42 says “end users are commonly the weakest link in security incidents”. Educating them on phishing tactics, campaigns, and themes helps users instantly spot content designed to trick them into giving up credentials.
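The forwarding and monitoring recommendations above can be turned into a concrete detection. The script below is an added example, not code from the article or from Unit 42: it reads mailbox audit records, flags any inbox rule or mailbox setting that forwards mail to an address outside the organisation (noting whether the rule also deletes the original, which hides the leak from the victim), and flags users whose administrative activity is unusually dense. The record layout, operation names (`New-InboxRule`, `Set-InboxRule`, `Set-Mailbox`), parameter names, domains and every log line are constructed for the example and modelled loosely on Microsoft 365 audit log entries; adapt the field names to the platform you actually monitor.

```python
"""Detect external mail forwarding and bursty admin activity in mailbox audit records.

Added example. The record schema, operation and parameter names and all sample
log lines are constructed for illustration (loosely modelled on Microsoft 365
Unified Audit Log output); they are assumptions, not taken from the article.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta

# Operations that can create or change a forward/redirect of mail (assumed names).
FORWARDING_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
# Parameters whose value is a forwarding destination (assumed names).
FORWARDING_PARAMETERS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                         "ForwardingSmtpAddress", "ForwardingAddress"}
# Constructed: the organisation's own mail domains; anything else is external.
INTERNAL_DOMAINS = {"example.com"}

# Constructed burst of seven mailbox changes by one admin inside seven minutes.
_BURST = "\n".join(
    json.dumps({"CreationTime": f"2023-05-01T10:0{i}:00", "UserId": "admin@example.com",
                "Operation": "Set-Mailbox",
                "Parameters": [{"Name": "Identity", "Value": f"user{i}"},
                               {"Name": "AuditEnabled", "Value": "True"}]})
    for i in range(1, 8))

# Constructed sample audit records as JSON lines (not real data).
SAMPLE_LOG = """\
{"CreationTime": "2023-05-01T09:12:03", "UserId": "cfo@example.com", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "Invoices"}, {"Name": "ForwardTo", "Value": "collector@mail-drop.test"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationTime": "2023-05-01T09:15:41", "UserId": "alice@example.com", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "Team"}, {"Name": "ForwardTo", "Value": "bob@example.com"}]}
{"CreationTime": "2023-05-01T10:00:00", "UserId": "admin@example.com", "Operation": "Set-Mailbox", "Parameters": [{"Name": "Identity", "Value": "cfo"}, {"Name": "ForwardingSmtpAddress", "Value": "smtp:collector@mail-drop.test"}]}
""" + _BURST + "\n"


def parse_records(text: str) -> list[dict]:
    """Parse one JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def external_forward_targets(record: dict) -> list[str]:
    """Return forwarding destinations outside INTERNAL_DOMAINS set by this record."""
    if record.get("Operation") not in FORWARDING_OPERATIONS:
        return []
    targets = []
    for param in record.get("Parameters", []):
        if param.get("Name") in FORWARDING_PARAMETERS:
            # Values may carry an "smtp:" prefix and several addresses separated by ';'.
            for addr in str(param.get("Value", "")).split(";"):
                addr = addr.strip().lower().removeprefix("smtp:")
                if addr and addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS:
                    targets.append(addr)
    return targets


def find_external_forwarding(records: list[dict]) -> list[dict]:
    """One alert per record that forwards mail to an external address."""
    alerts = []
    for r in records:
        targets = external_forward_targets(r)
        if not targets:
            continue
        # A rule that also deletes the message hides the leak from the mailbox owner.
        deletes = any(p.get("Name") == "DeleteMessage" and str(p.get("Value")).lower() == "true"
                      for p in r.get("Parameters", []))
        alerts.append({"time": r["CreationTime"], "user": r["UserId"],
                       "operation": r["Operation"], "targets": targets,
                       "deletes_original": deletes})
    return alerts


def find_activity_bursts(records: list[dict], window: timedelta = timedelta(minutes=10),
                         threshold: int = 5) -> dict[str, int]:
    """Map user -> peak number of operations inside any sliding window above threshold."""
    by_user: dict[str, list[datetime]] = defaultdict(list)
    for r in records:
        by_user[r["UserId"]].append(datetime.fromisoformat(r["CreationTime"]))
    bursts: dict[str, int] = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                bursts[user] = max(bursts.get(user, 0), count)
    return bursts


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for alert in find_external_forwarding(recs):
        print("FORWARDING:", alert)
    for user, peak in find_activity_bursts(recs).items():
        print(f"BURST: {user} performed {peak} operations within 10 minutes")
```

On the constructed sample the internal forward set by alice is ignored, while the CFO's rule (external target plus DeleteMessage) and the admin's mailbox-level forward are both reported, and the admin's eight operations in ten minutes exceed the burst threshold. In production the thresholds and the internal-domain list are the parts to tune; the forwarding check itself is deliberately strict, because an external forward on an executive's mailbox is rarely legitimate.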