BEC runs rampant as conventional email security fails to detect display name deception;
Agari enhances its Enterprise Protect functionality to deliver advanced protection against BEC
SAN MATEO, Calif. – Agari, a leading cybersecurity company, today published research revealing that 96 percent of organisations have received business email compromise (BEC) emails during the second half of 2017. The Agari “Business Email Compromise (BEC) Attack Trends Report” analyses more than one billion emails considered safe by conventional email security solutions, including Secure Email Gateways (SEG), Advanced Threat Protection (ATP) and Targeted Attack Protection (TAP).
“Business email compromise is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars of losses to businesses.”
According to the FBI, BEC attacks were responsible for more than $5.3 billion in exposed losses between 2013 and 2016. BEC attacks leverage social engineering, impersonating trusted individuals, such as bosses and third-party vendors, to request wire payments or sensitive data such as W-2 tax forms. Social networks and free cloud email services make it simple for cybercriminals to identify their targets, create an email account that impersonates a trusted entity (CEO, brand, partner) and then create a believable con with personalised details to make these attacks successful.
Key findings of the Agari “Business Email Compromise (BEC) Attack Trends Report” include:
- Nearly every organisation has received BEC attacks– Research reveals that 96 percent of organisations have been targeted by BEC attacks between June 2017 and December 2018. On average, organisations experienced 45 BEC attacks during this time.
- BEC attacks manifest in a variety of forms – BEC attacks include display name deception, domain spoofing, and look-alike domains. However, BEC attacks function differently than phishing or spear-phishing attacks because there is no payload, such as a malicious attachment or a malicious URL.
- Conventional security solutions are ineffective against BEC –As the last line of defense against advanced email-based attacks, Agari witnessed that 81 percent of BEC attackers used display name deception, 12 percent using domain spoofing and 7 percent used look-alike domains to impersonate a trusted party, without the SEG, ATP or TAP detecting it.
Conventional email security solutions, such as SEG, ATP and TAP attempt to detect attacks by monitoring for malicious payloads, attachments, URLs and other forms of known bad behavior. However, attackers can evade these protections by impersonating trusted individuals, partners or brands, while avoiding the use of malicious payloads.
“Business email compromise has become a pervasive threat that targets nearly every organisation, often slipping past conventional email security solutions undetected,” said Greg Temm, chief information risk officer, FS-ISAC. “BEC opens organisations up to financial losses and could put customers’ investments at risk. Urgently deploying effective security controls and educating employees are some of the best ways to deal with this type of attack.”
Agari Enterprise Protect uses multiple patented machine learning models that integrate identity mapping, trust models and behavioral analytics linking the Internet’s infrastructure, organisational and individual data to detect and prevent identity deception. Built against massive, Internet-scale data sets, including insights from over 2 trillion emails every year across 3 billion global inboxes. Based on identity intelligence, Agari can accurately detect and prevent all three forms of identity deception used by BEC attacks including domain spoofing, look-alike domains and display name deception.
As BEC attacks remain unchecked by conventional email security, Agari continues to enhance
Enterprise Protect to ensure customers are protected. The latest enhancements include:
- Agari Advanced Display Name Protection– A new machine learning model integrates organisational data from Office 365 and Azure Active Directory to automatically block display name deception.
- Rapid DMARC– Automatically authenticates inbound email claiming to be from an organisation’s internal domains to block spoofing attempts—regardless of whether the organisation has published a DMARC policy.
- Search & Destroy – Microsoft Office 365 and Google G Suite administrators can rapidly search and delete emails that have already been delivered to user inboxes for breach prevention or copy emails for forensic analysis.
Download “Business Email Compromise (BEC) Attack Trends Report” at: http://www.agari.com/business-email-compromise-report/?utm_source=PR&utm_medium=PR
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.