CYREBRO 2022 Predictions
7. Business Email Compromise (BEC) scams will continue to surge
BEC fraud is a form of spear phishing, in which cybercriminals will conduct social engineering and reconnaissance against a target before initiating contact. Most often, BEC scammers will target a victim organization’s accountancy, invoice, and payroll staff with emails crafted to appear legitimate.
If employees are duped, they may end up signing off fake payments or sending funds to bank accounts owned by criminals. In sophisticated BEC attacks, threat actors may compromise existing communication chains to covertly alter bank account details, before vanishing with payments intended for legitimate suppliers, payroll, or service providers.
The FBI has warned that BEC scams are increasing year over year, with reported rates doubling between 2018 and 2019, moving from $360 million in 2016 to a staggering $1.8 billion in 2020, according to the Internet Crime Complaint Center (IC3).
Recapping 2021
High-profile ransomware attacks, data breaches, and cyberattacks launched against core utilities and public services have dominated the headlines over 2021.
We have recently experienced cataclysmic shifts in the way we work and in how businesses are managed. A ripple effect of the coronavirus pandemic, a new reliance on remote setups, has also exposed gaps in network visibility and how best to manage endpoints connecting to corporate resources.
Cyber attackers are constantly evolving and refining their attack methods. Over the past year, CYREBRO has seen the following trends in how cyber attackers obtain access to enterprise networks.
Phishing
One of the oldest tricks in the threat actor book is phishing. Fraudulent emails, malicious social media content, and SMS messages are sent to prospective victims to entice them into clicking on fraudulent links or to download malware payloads. At the lowest levels of sophistication, phishing messages are sent en masse with subjects ranging from romance to loans, insurance, COVID-19, or they may display fake banking alerts.
At higher levels, you may encounter spear phishing, a more time-consuming endeavor requiring social engineering, research, and tailored communication to compromise targets selected on an individual basis, a common tactic employed by business email compromise (BEC) fraudsters.
Vulnerability exploits
2021 highlighted how devastating zero-day and unpatched vulnerabilities in popular platforms can be.
The Microsoft Exchange Server attacks, for example, were caused by in-the-wild exploitation of the ProxyLogon 0-days, leading to the compromise of thousands of on-prem Exchange servers despite the release of emergency patches.
According to Risk Based Security, over 12,500 vulnerabilities were reported during the first half of 2020, and close to 1,500 of these were remotely exploitable.
Supply chain attacks
While a relatively new entry, sophisticated threat actors have pivoted to attacks against centralized systems and platforms to reach the widest possible victim pools — spending their time and energy on breaking the defenses of one vendor, and thereby potentially gaining access to IT systems belonging to customers.
The most notable in recent times is the SolarWinds supply chain incident. Russian cyberattackers were able to compromise the software vendor’s platform and deploy a malicious Orion software update to roughly 18,000 customers.
Those responsible then used the backdoors planted in the clients’ systems through the malware-laden update to directly attack the most valuable customers, including Microsoft, FireEye, and various US government agencies.
Weak authentication
Weak and stolen credentials, including those used to access multiple online services, are now a common entry point for today’s cyber attackers.
Year after year, credential-stuffing attacks are used to infiltrate the networks of enterprise players and SMBs, and yet, 76% of employees in the Fortune 1000 still reuse passwords across personal and professional accounts. The open sale and trade of data dumps on the Dark Web, sometimes available for just a few dollars, means that cybercriminals can use automated tools to strike login systems with little effort.
To make matters worse, two-factor and multi-factor authentication (2FA/MFA) standards are no longer enough, due to a variety of modern techniques and tactics actively used by modern-day attackers to circumvent these extra security barriers.
The human factor
One of the weakest links in the security chain, and one often exploited by cyber attackers, is the human factor. Bring-Your-Own-Device (BYOD) practices, shadow IT, human error, lax privilege controls, and a lack of both training and cybersecurity awareness in employees can all contribute to a weakened security posture.
Hardly a week goes by when we don’t hear of someone falling for a BEC phishing scam and losing their employer’s money, or of credentials used by an employee on a third-party service — who may have high or administrator-level privileges — that were stolen and then used to deploy ransomware on a corporate network.
Insider threats, too, are an attack vector that needs to be considered. Malicious or negligent employees, staff members that have been bribed, rogue business partners, and unethical vendors could become a future catalyst for a cybersecurity incident.
Recent examples include an employee who deleted close to 120,000 records of a company after being let go; a BUPA staff member who stole and tried to sell customer PII on the Dark Web, and even scientists who hijacked a supercomputer in their lab to mine for cryptocurrency.
It should be noted, however, that humans also have an important role in mitigating security incidents, reducing risk, and managing threat response. AI, ML, and automation are valuable tools that are quickly becoming necessary assets to fend off today’s threat actors, but human expertise, reasoning, and intuition are also crucial.