The FBI says business email compromise is now the biggest cause of cybercrime financial losses for U.S. organizations. But ransomware attacks are also on the rise again. 

Key Points:  

  • Financial losses caused by business email compromise reached $1.7 billion in 2019, with companies losing an average of $75,000 in each attack, according to the FBI.   
  • The findings align with Mimecast research showing a high and growing level of business email compromise attacks.  
  • Some attackers may be shifting their focus to ransomware, and increasingly are threatening to publicly release sensitive corporate data if ransoms are not paid.   

Business email compromise attacks caused a staggering $1.7 billion in cybercrime-related financial losses in the U.S. during 2019, nearly four times as much as any other category of cybercrime and 37% higher than the previous year, according to the 2019 FBI Internet Crime Report. Each business email compromise attack also typically resulted in much higher losses than other types of cybersecurity crime: victims reported average losses of nearly $75,000.  

The FBI’s data, based on complaints reported to its Internet Crime Complaint Center (IC3), aligns with Mimecast’s The State of Email Security Report 2019. Mimecast’s research found that two thirds of organizations have experienced increases in impersonation and business email compromise attacks, with almost three quarters of them losing money, data, or customers as a result.

How Business Email Compromise Works  

Business email compromise is a relatively new type of attack that aims to scam organizations by impersonating executives in order to convince employees to wire money to fraudulent accounts or leak sensitive information. Attackers often target businesses that regularly make wire transfer payments to foreign suppliers.

Attacks often begin with spoofed email messages impersonating the CEO or other executives and targeting people within the company who have the power to make wire transfers or access funds in other ways, says Dr. Kiri Addison, Head of Data Science for Threat Intelligence and Overwatch at Mimecast. The initial message may be simple and basic: “‘Can you help me quickly with a task? I’m held up in a meeting downstairs so don’t come and find me,’” Addison says.

Now, some attacks are starting to use the COVID-19 coronavirus as a ploy to draw people in, she says. An example: “I’m self-isolating and my phone’s not working, can you reply to me at this email address?” For more on coronavirus-related phishing attacks, read “Beware of Fast-Evolving Coronavirus Email Phishing Attacks.” 

Gift Card Scams Proliferate 

Addison said she’s not surprised that the FBI report identified substantial losses due to business email compromise, since the high-value payments routinely made by businesses present an appealing target for attackers. But she noted that Mimecast has also seen many high-volume, lower-value business email compromise scams, such as gift card fraud, often using a template message mailed to a large number of email addresses and sometimes translated into different languages for use in multiple countries. In gift card scams, attackers typically entice an employee to buy large numbers of gift cards and then email the list of codes.  

Overall, Mimecast Threat Intelligence detected nearly 60 million business email compromise/impersonation attacks from October to December 2019, with an overall increase in impersonation attacks that rely on social engineering instead of tactics detectable through email scans.  

Some Business Email Compromise Attacks Become More Sophisticated 

Though some business email compromise attempts may be fairly crude, the attacks are constantly evolving as scammers become more sophisticated, according to the FBI. In addition to spoofing corporate email accounts, attackers may compromise personal or vendor emails, spoof the accounts of corporate lawyers, or send requests for W-2 employee forms. In 2019, an increasing number of attacks aimed to divert payroll funds. In these schemes, a company’s human resources or payroll department receives an email that appears to be from an employee, with a request to update their direct deposit information. The new information typically routes the employee’s pay to a hacker’s pre-paid card account. 

How to Prevent Business Email Compromise  

Organizations need a combination of technology and security awareness training to combat the threat of business email compromise, Addison says. Mimecast’s technology can detect many emails that are sent from outside the organization and attempt to impersonate the company’s executives and other real users. But training is also key, because business email compromise attacks ultimately rely on human error: the attack will only be successful if an employee is tricked into facilitating the scam.
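One way to implement the external-impersonation check described above, as an added example that is not Mimecast’s code: it flags inbound mail whose display name matches a protected executive while the sending address is external, and mail whose Reply-To redirects the conversation outside the organization (the "reply to me at this email address" lure). The domain list, executive names and sample headers are all assumed and constructed for the example.

```python
import re
from email.utils import parseaddr

# Assumed for the example: the organization's own domains and the executives
# whose names are worth protecting. Both lists are constructed, not real.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = ["Jane Doe", "Raj Patel"]
HONORIFICS = {"dr", "mr", "mrs", "ms", "prof"}


def _name_tokens(display_name: str) -> frozenset:
    """Normalize a display name so 'Dr. Jane Doe' and 'DOE, Jane' compare equal."""
    cleaned = re.sub(r"[^\w\s]", " ", display_name.lower())
    return frozenset(t for t in cleaned.split() if t not in HONORIFICS)


EXEC_TOKENS = {_name_tokens(n): n for n in EXECUTIVES}


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def classify(headers: dict) -> list:
    """Return the reasons a message looks like executive impersonation ([] = none)."""
    findings = []
    display, addr = parseaddr(headers.get("From", ""))
    exec_name = EXEC_TOKENS.get(_name_tokens(display))
    # Check 1: an executive's name on mail that did not come from our own domains.
    if exec_name and _domain(addr) not in INTERNAL_DOMAINS:
        findings.append(f"external sender {addr} uses executive name '{exec_name}'")
    # Check 2: Reply-To silently moves the conversation to an external mailbox.
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != addr.lower() \
            and _domain(reply_addr) not in INTERNAL_DOMAINS:
        findings.append(f"Reply-To redirects replies to external address {reply_addr}")
    return findings


# Constructed sample headers (not real mail): one legitimate, two suspicious, one vendor.
SAMPLES = {
    "legit": {"From": '"Jane Doe" <jane.doe@example.com>'},
    "spoofed_name": {"From": '"Dr. Jane Doe" <ceo.jdoe@webmail.test>'},
    "reply_redirect": {"From": '"Raj Patel" <raj.patel@example.com>',
                       "Reply-To": "raj.patel.cfo@freemail.test"},
    "vendor": {"From": '"Bob Smith" <bob@vendor.test>'},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, classify(hdrs) or "no findings")
```

A flagged message is a candidate for quarantine or a warning banner, not proof of fraud; a lookalike-domain check and the awareness training the article describes still belong alongside it.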

Ransomware Shows Signs of Resurgence  

In contrast to the widespread devastation caused by business e-mail compromise attacks, the FBI’s crime report recorded a relatively low level of ransomware incidents and losses ($8.9 million) in 2019. That number likely understates the real-world cost because it doesn’t include factors such as the cost of lost business, disruption to operations or remediation services.

However, there are signs that attackers are again increasing their focus on ransomware. Mimecast has identified an uptick in short-lived, high-volume, targeted and hybridized attacks, which is highly likely to indicate that threat actors are refocusing their efforts from impersonation to ransomware, often using the Emotet trojan to install ransomware on users’ systems.

Addison adds that Mimecast is also increasingly observing a disturbing trend in ransomware attacks: In addition to encrypting companies’ data to render it unusable, a growing number of hackers also exfiltrate a copy of the data and threaten to publicly release the sensitive information if the ransom is not paid.  

Combating the Rise in Ransomware  

Organizations can use several techniques to thwart the resurgence of ransomware, Addison says. They include basic practices of good cybersecurity hygiene, including regular patching, in addition to using technology to scan email attachments and identify suspicious links in messages. To prevent Emotet-based attacks, another key approach is to change Microsoft Office settings to block macros, since macros are often used as a mechanism for downloading malware.

The Bottom Line  

Business email compromise has a huge financial impact on U.S. organizations: in 2019, the reported losses from business e-mail compromise attacks were much higher than for any other category of cyber-crime, according to the FBI. In addition, there are now signs that attackers are once again focusing more effort on ransomware. To counter these threats, organizations need to use a combination of specialized security technology, awareness training, and good cybersecurity hygiene.
