Business email spam more lucrative to hackers than ransomware
Managing Director, Security, APJ
Thought Leadership, Security
While ransomware attacks tend to hog the headlines, it is in fact business email compromise (BEC) that costs organizations more money.
BEC fraud is far more lucrative than ransomware and is often underestimated by business owners. Between October 2013 and December 2016, BEC raked in US$5.3 billion for fraudsters, compared to about US$1 billion last year for ransomware attacks. This profitable type of scam relies on social engineering – exploiting people rather than machines.
A basic BEC campaign will involve an email (often spoofed to look like it’s come from a co-worker) targeted at financial employees who are allowed to send money via transfers. Attackers do their homework and study an organization’s hierarchy and its employees using the internet and social media. Once armed with enough information, they piece together the likely chain of command.
The attacker will then send an email that appears to come from the CEO or other high-ranking executive asking the receiver to urgently wire money to a “business associate” or to pay a vendor. The bank account belonging to the cyber criminals is typically foreign-based.
BEC scams are aimed at big targets – Google and Facebook are two high-profile victims of BEC attacks and wire fraud. These are blue chip tech companies that most people expect to have advanced levels of cybersecurity. But BEC messages don’t contain malware or suspect links, so they can usually bypass all but the most sophisticated threat defense tools. Organizations with an online presence, from tech giants through to those with just a handful of employees, are all potential targets. Because BEC fraud is a low-cost, high-return type of cybercrime, we expect it to grow as a threat.
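Since a BEC message carries no malware or links, a mail filter has to score what is left: who the message claims to be from and what it asks for. The sketch below is an added example, not part of the original article or any product it mentions; the organization domain, executive names, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; replace with your own directory data.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|today|confidential)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank account|vendor)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the BEC indicators found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # Multipart bodies are skipped here; only subject and plain body are scored.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    # Display name of an executive, but the address is outside the organization.
    if name.strip().lower() in EXECUTIVES and _domain(addr) != ORG_DOMAIN:
        hits.append("executive-name-external-sender")
    # Replies would go to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != _domain(addr):
        hits.append("reply-to-domain-mismatch")
    # Pressure wording combined with a money-movement request.
    if URGENCY.search(text) and PAYMENT.search(text):
        hits.append("urgent-payment-request")
    return hits

# Constructed sample messages.
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: jane.private@mailbox.test
To: accounts@example.com
Subject: Urgent wire transfer

Please wire the payment to our business associate today. Keep this confidential.
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget review

Slides for Thursday's review are attached to the calendar invite.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

Any single indicator is weak on its own; a message that trips several is a candidate for holding until the request is confirmed through a separate channel.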
At the same time, cybercriminals are also diverting attention back to malicious email to deliver ransomware and other malware quickly and cost-effectively. They’re also getting creative with their methods to evade detection. For example, our threat researchers observed growth in spam containing macro-laden malicious documents, including Word documents, Excel files, and PDFs, that can defeat many sandboxing technologies by requiring user interaction to infect systems and deliver payloads.
Spam-sending botnets are also thriving and adding to the deluge of global spam campaigns. Our Midyear Cybersecurity Report shows monitored activity from a botnet called Necurs. The botnet owners relied heavily on low-cost, low-quality spam campaigns, suggesting that these less resource-intensive efforts successfully generated revenue.
Defenders need to be proactive and vigilant in the face of these increasing threats. In parts of Asia there is a particular challenge as legacy IT infrastructure is often old and outdated. This is true of emerging Asian economies such as Indonesia, Vietnam and the Philippines. Attackers are specifically targeting these nations looking for vulnerable spots, adding to the sense of urgency to build proper protection systems.
Vulnerable organizations need to improve business processes and user education, for example by training employees to identify unusual requests for financial transfers, particularly out-of-country ones. Organizations should also have a long-term security strategy in place and should look to technology that makes it easier for them to protect against advanced email threats.
Source: Cisco 2017 MCR