Phishing, especially through email, remains one of the most commonly used entry points for cybercriminals launching attacks on organizations. Proof of this is the 11 million phishing links that cybersecurity solutions firm Kaspersky blocked in Southeast Asia during 2021.
Kaspersky’s Anti-Phishing system found most of them on devices of the company’s internet security users in Vietnam, Indonesia, and Malaysia.
“With all the critical data being sent via email, it is expected for cybercriminals to see it as an effective and lucrative entry point,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. “An unfortunate example is the $81M Bangladesh Bank Heist in 2016 which was made possible by a single, successful targeted phishing attack.”
Kaspersky data revealed the total phishing links it detected and blocked globally reached more than 250 million. In total, 8.2% of Kaspersky users in different countries and regions around the world have faced at least one phishing attack.
The report noted how cybercriminals use current trends or topics (e-commerce, entertainment, current events) in subject lines or message bodies to lure unsuspecting users into clicking the malicious links.
Unsecured networks in remote work setups contributed to the increase in business email compromise (BEC) messages sent to employees, as cybercriminals hope to penetrate corporate networks.
BEC attacks are a type of fraud that involves impersonating a representative from a trusted business. A BEC attack is defined as a targeted cybercriminal campaign that works by:
- Initiating an e-mail exchange with a company employee, or taking over an existing one;
- Gaining the employee’s trust;
- Encouraging actions that are detrimental to the interests of the company or its clients.
“Enterprises in the region should carefully look into holistic and in-depth cybersecurity technologies to beef up the security of their highly critical mail servers,” Siang Tiong said.
Citing a study by US wireless network operator Verizon, Kaspersky said BEC was the second most common type of social engineering attack in 2021, “and the FBI reported that BEC attacks cost US businesses more than $2 billion from 2014 to 2019.”
Kaspersky experts are increasingly observing BEC attacks. In Q4 2021, Kaspersky products prevented over 8,000 BEC attacks, with the greatest number (5,037) occurring in October. The security experts also found that the attacks tend to fall into two categories: large-scale and highly targeted.
“The former is called ‘BEC-as-a-Service,’” Kaspersky explained, “whereby attackers simplify the mechanics behind the attack in order to reach as many victims as possible. Attackers send streamlined messages en masse from free mail accounts, with the hope of snaring as many victims as possible. Such messages often lack high levels of sophistication, but they are efficient.”
Handling BEC attacks
Cybercriminals use a fairly wide range of technical tricks and social-engineering methods to win trust and carry out fraud.
Kaspersky advises organizations to take measures to at least minimize the threat from BEC attacks:
- Set up SPF, use DKIM signatures, and implement a DMARC policy to guard against fake internal correspondence. These measures also let other companies authenticate emails sent in the name of your organization (assuming, of course, that those companies have the technologies configured). The method falls short in some ways (it cannot, for example, prevent ghost spoofing or lookalike domains), but the more companies that use SPF, DKIM, and DMARC, the less wiggle room cybercriminals have. The use of these technologies contributes to a kind of collective immunity against many types of malicious manipulation of email headers.
- Train employees periodically to counter social engineering. A combination of workshops and simulations trains employees to be vigilant and identify BEC attacks that get through other layers of defense.
- Use security tools to protect corporate communication channels such as Kaspersky Secure Mail Gateway with a solid set of anti-phishing, anti-spam, and malware detection technologies. While BEC represents one of the most sophisticated types of email compromise, the product has a dedicated heuristic model for processing indirect indicators and detecting even the most convincing fake emails.
- Subscribe to regularly updated threat intelligence services to gain in-depth visibility into the cyber threats targeting your organization.
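The first recommendation above rests on DMARC identifier alignment: a message only passes if the domain in the visible From header matches (exactly, or at the organizational-domain level) the domain that SPF or DKIM actually authenticated. The following Python script is an added example, not Kaspersky's code or part of the article, and it uses constructed headers rather than real mail. It evaluates relaxed and strict alignment for three constructed cases and also flags the caveat the article mentions: a lookalike domain the attacker owns passes DMARC for itself, so a separate check is still needed. The two-label organizational-domain rule, the `triage` verdict strings, and the edit-distance threshold are simplifying assumptions of this example; production validators use the Public Suffix List and the message's real Authentication-Results.

```python
import re
from typing import Dict, Set

# Constructed sample messages (not real mail); only the fields the check needs.
# "spf"/"dkim" stand in for the raw authentication results a gateway would compute.
SAMPLES: Dict[str, Dict[str, str]] = {
    "legitimate": {
        "From": "CFO <cfo@example.com>",
        "Return-Path": "<bounce@mail.example.com>",
        "DKIM-Signature": "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to",
        "spf": "pass", "dkim": "pass",
    },
    # Header From claims the company domain, but nothing authenticated that domain.
    "spoofed_from": {
        "From": "CFO <cfo@example.com>",
        "Return-Path": "<x@freemail.example>",
        "DKIM-Signature": "v=1; a=rsa-sha256; d=freemail.example; s=k1; h=from:to",
        "spf": "pass", "dkim": "pass",
    },
    # Lookalike domain registered by the attacker: DMARC is fully aligned for it.
    "lookalike": {
        "From": "CFO <cfo@examp1e.com>",
        "Return-Path": "<cfo@examp1e.com>",
        "DKIM-Signature": "v=1; a=rsa-sha256; d=examp1e.com; s=k1; h=from:to",
        "spf": "pass", "dkim": "pass",
    },
}

_ADDR = re.compile(r"@([A-Za-z0-9.-]+)")


def address_domain(header_value: str) -> str:
    """Domain part of the first address in a From/Return-Path header value."""
    m = _ADDR.search(header_value)
    return m.group(1).lower().rstrip(".") if m else ""


def dkim_signing_domain(signature: str) -> str:
    """Value of the d= tag in a DKIM-Signature header."""
    for tag in signature.split(";"):
        key, _, value = tag.strip().partition("=")
        if key == "d":
            return value.strip().lower()
    return ""


def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels. Real validators
    # consult the Public Suffix List so that e.g. "co.uk" is handled correctly.
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict = exact match, relaxed = same org domain."""
    if not from_domain or not auth_domain:
        return False
    if mode == "strict":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(msg: Dict[str, str], mode: str = "relaxed") -> Dict[str, bool]:
    """DMARC passes if SPF or DKIM passed AND its domain aligns with header From."""
    from_dom = address_domain(msg["From"])
    spf_ok = msg.get("spf") == "pass" and aligned(
        from_dom, address_domain(msg["Return-Path"]), mode)
    dkim_ok = msg.get("dkim") == "pass" and aligned(
        from_dom, dkim_signing_domain(msg["DKIM-Signature"]), mode)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used as a crude lookalike-domain heuristic."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: Set[str], max_distance: int = 2) -> bool:
    """True if the org domain is close to, but not equal to, a trusted domain."""
    d = org_domain(domain)
    return any(d != t and edit_distance(d, t) <= max_distance for t in trusted)


def triage(msg: Dict[str, str], trusted: Set[str], mode: str = "relaxed") -> str:
    """Verdict strings are this example's own: dmarc-fail, lookalike, or pass."""
    if not dmarc_evaluate(msg, mode)["dmarc_pass"]:
        return "dmarc-fail"
    if is_lookalike(address_domain(msg["From"]), trusted):
        return "lookalike"
    return "pass"


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:13s} relaxed={dmarc_evaluate(sample)} verdict={triage(sample, {'example.com'})}")
```

The spoofed message fails because neither SPF nor DKIM authenticated the domain shown in From, which is exactly the case a published DMARC reject or quarantine policy is meant to stop. The lookalike message passes DMARC cleanly, which is why the article lists lookalike domains as a gap: the gateway needs an additional check against your own domain names, and employees still need the training the next recommendation describes.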
Kaspersky solutions with content filtering developed in the company’s lab already identify many types of BEC attacks, and its experts continue to develop technologies that protect against the most advanced and sophisticated scams.