Page 70 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Before conducting these BEC schemes, the threat actors do their homework. They peruse the company website, social media pages, media coverage, and other publicly available data sources to collect information on their target organization. This research may include details about executive and high-level employees, new hiring announcements, travel plans or similar out-of-office notifications, company news, and other notable projects or events. In the CEO fraud example, they will identify key targets and spoof a trusted persona to ensure the best chance of success. These scams have even evolved to include SMS text messages, personal emails or social media accounts, and personal devices, such as cell phones.

Cybercriminals use the information collected to target employees and persuade them to divulge confidential information or sensitive data that bad actors may use for fraudulent purposes.

BEC's common goals include convincing employees to click on a link and provide log-in credentials, send sensitive data, perform a financial transaction (wiring money, purchasing gift cards), or open malicious attachments.

Other types of Business Email Compromise:

CEO Impersonation: as mentioned above, this tactic involves spoofing a message from an executive, requesting that employees perform some action, such as sending a wire or other financial transaction, providing employee W-2s, purchasing gift cards, etc.

Fake Invoice Scams: attackers spoof an email with an invoice from a vendor or third party that an organization regularly works with, but with updated payment information.

Data Theft: HR personnel are targeted to obtain sensitive data such as employee or company tax information, or attackers pose as employees and send new payroll direct deposit instructions.

Account Compromise: email accounts are compromised and used to send out invoices or requests for payment to attacker-controlled accounts.

            If an employee falls for these tactics, it could result in damage far beyond personal embarrassment.
            Providing passwords to bad actors, sending funds or sensitive data to an attacker, and ransomware
            delivered through the click of a link can all have wide-reaching effects on the entire organization.

            Implementing Comprehensive Cybersecurity

            We often come back to the pillars of comprehensive cybersecurity: leveraging people, processes, and
            technology to defend against current and future threats. Applying an adaptable approach to CEO fraud
            and other BEC scams can go a long way in protecting organizations from evolving tactics, especially with
            the new challenges of working in a hybrid or remote world.

            Employees are often the first and last line of defense against cyberattacks like BEC. They should receive
            proper training and guidance to recognize and respond to potential threats. Conducting cybersecurity