By now we have all seen or heard someone in the enterprise security industry quote the observation made in Mandiant’s 2014 Threat Landscape Report that, “100% of enterprise attacks involved compromised account credentials.” This statistic may be surprising for the Board, but for security professionals the real surprise is that most enterprises are just starting to think about this issue. Most have done little to address it, even though the damage that can be inflicted by these attacks can be substantial. The use of compromised accounts gives the attackers access to confidential files and other valuable corporate data.
Although enterprises may be slow in recognizing this problem, the bad guys have been busy. Recent reports highlight how attackers have found a new way to profit from compromising enterprise account credentials – Business Email Compromises.
Business Email Compromises (BEC) start with attackers compromising the email account of a senior company executive like the CEO or CFO. The executive’s email account is then used to send an email to a company employee requesting the employee to wire transfer company funds for some purchase that sounds legitimate. The email directs the employee to wire transfer funds to the bank account of a known third party but in reality the account owned by the attackers. Since the email will often come from the legitimate email account of the executive, the request is not questioned and the funds are sent as directed. Score another one for the bad guys!
Recent FBI report shows the impact that Business Email Compromises (BEC) is having on U.S. businesses. Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn’t include victims outside the U.S. and unreported losses.
So what can be done to mitigate the threat of BEC fraud and the associated financial losses as well as the theft of confidential corporate data?
Enterprises need to start watching the activities of their users. The easiest way to detect malicious attacks and secure access to systems like email including Exchange and Office 365 is with User & Entity Behavior Analytics (UEBA) solutions. The idea is simple – enterprises can monitor the access activities of their users with UEBA to identify inconsistencies in a user’s behavior. Similar to how credit cards protect cardholders, UEBA solutions use historical and current analytics about each user including things like known devices, normal operating location(s), time of day that the user usually works and which applications typically are accessed by the user. Some UEBA solutions like Interlock can even use group associations to give further context to a user’s behavior especially for VIP’s.
The benefit of using UEBA is it can identify high-risk access requests by recognizing inconsistencies in a user’s behavior. Flagging high-risk access requests in real-time is an effective tool in detecting and stopping compromises like BEC. With UEBA solutions, the good guys can change the game and start winning the battle with the attackers.
To learn more about how User & Entity Behavior Analytics can be used to detect and stop malicious attacks, click here.
The post Should You Be Concerned About Business Email Compromises? appeared first on Mobile System 7.
