Business email compromise (BEC) is a targeted attack delivered over email. Attackers impersonate people your staff already trust, such as executives, vendors, or colleagues (or take over those people's real mailboxes), and use that trust to manipulate employees into acting on the attacker's behalf. That can range from divulging organizational or personal information to wiring money.
BEC is one of the most prominent attack vectors today, and reported cases continue to increase year over year. Unfortunately, small businesses and managed service providers (MSPs) tend to be prime targets for BEC. Here's a recent example uncovered by the Todyl team.
The facts on BEC:
Every organization needs both a strong security program and high organizational awareness to defend against this pervasive threat. In this blog, we'll explore how BEC attacks work and how to implement best practices to protect your organization.
BEC attacks rely on a chain of social engineering and impersonation steps to achieve their goals. Here's a breakdown of how they typically work:
Let's dive into an example of a widespread BEC campaign perpetrated by the Söze Syndicate that was uncovered by Todyl.
The Syndicate is a widespread crime ring operating identity attack infrastructure around the globe. With infrastructure in North America, Europe, and Singapore, Söze targets organizations of all sizes through email account compromise. In fact, Todyl found that approximately 65% of all attempted BEC cases across our partner base came from this group.
The group uses a "low and slow" approach: patient, carefully planned compromises rather than noisy mass campaigns. In practice, they rely on three main procedures to carry out their actions.
Thankfully, the combined efforts of Todyl and our MSP partners stopped most of these attempts. But the Söze Syndicate remains a threat that requires constant vigilance. Later in this blog, we'll cover how Todyl can help you identify and prevent threats like Söze and others.
If you'd like to learn more about this investigation, read our full threat report on the Söze Syndicate.
Both BEC and phishing attacks involve email deception aiming to steal money or information, but they have key differences:
Ultimately, phishing is often one step in a larger BEC campaign. But BEC is the higher-impact, more targeted attempt on an organization, and it can lead to devastating results.
BEC attacks can have an immense impact on your organization. That said, proactive security measures strengthen your defenses and make your company a much harder target. A few ways to protect against BEC include:
Employees are your first line of defense against BEC attacks, so it's critical to train them to recognize the common red flags: spoofed or lookalike sender addresses, a Reply-To that differs from the visible sender, manufactured urgency, and requests for payments, banking-detail changes, or sensitive information. Back that training with a process control: verify any payment or banking change out of band, over a phone number you already have on file, never by replying to the email. Regularly test employees with simulated phishing campaigns to reinforce training and identify areas needing improvement.
Regularly review and update security measures, including employee training, technology solutions, and incident response plans, to stay ahead of evolving attack tactics. Foundational cyber hygiene is a must: enforce strong password policies to keep accounts secure. Password managers make strong, unique passwords practical because users no longer have to remember them.
Multifactor authentication (MFA) on all accounts is also critical, adding a layer beyond the password so that stolen credentials alone are not enough to log in. Prefer phishing-resistant methods (FIDO2 security keys or passkeys) where you can: one-time codes and push approvals can be relayed by adversary-in-the-middle phishing kits or worn down by MFA fatigue, so they reduce but do not eliminate account takeover.
Consider implementing security solutions such as Security Information and Event Management (SIEM) and Managed eXtended Detection and Response (MXDR). These provide broader visibility into network and identity activity, allowing faster detection of and response to BEC attempts.
Going a step further, seek out solutions that provide Identity Threat Detection and Response (ITDR). ITDR focuses on the identity layer, flagging credential misuse and suspicious account changes (anomalous sign-ins, newly registered MFA devices, new inbox forwarding rules) so that an account takeover is caught before it turns into a fraudulent payment.
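To make the red flags above concrete, here is an added example (not Todyl's code, and not a description of any Todyl product) that parses a raw email with Python's standard library and reports the indicators a trained employee, or a mail filter, would look for: an executive's display name on an outside address, a mismatched Reply-To, a lookalike domain, failing SPF/DKIM/DMARC results, and urgency plus a payment request in the text. The domain list, executive names, keyword lists, and both sample messages are constructed assumptions for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed for this example: the organization's own mail domains and the
# executives whose names an attacker is most likely to borrow.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVE_NAMES = {"jane doe", "john roe"}

URGENCY_TERMS = re.compile(
    r"\b(urgent|immediately|asap|right away|before end of day|confidential)\b", re.I)
PAYMENT_TERMS = re.compile(
    r"\b(wire transfer|gift cards?|bank (account|details)|update (the |your )?account|payroll|invoice)\b", re.I)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_red_flags(raw_message: str) -> list[str]:
    """Return human-readable red flags found in one RFC 5322 message (empty list if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = _domain(reply_addr)

    # 1. An executive's display name on an address outside the company.
    if from_name.strip().lower() in EXECUTIVE_NAMES and from_domain not in INTERNAL_DOMAINS:
        flags.append(f"executive display name '{from_name}' on external domain {from_domain}")

    # 2. Replies are redirected to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Lookalike domain: one or two characters away from a domain we own.
    for owned in INTERNAL_DOMAINS:
        if from_domain != owned and _edit_distance(from_domain, owned) <= 2:
            flags.append(f"lookalike sender domain {from_domain} (resembles {owned})")

    # 4. The receiving mail server's Authentication-Results header shows non-passes.
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|none|temperror|permerror)\b", auth, re.I):
            flags.append(f"{mech} did not pass")

    # 5. Urgency language and a payment or sensitive-data request in subject/body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body is not None else "")
    if URGENCY_TERMS.search(text):
        flags.append("urgency language")
    if PAYMENT_TERMS.search(text):
        flags.append("payment or sensitive-data request")
    return flags


# Constructed sample: a classic CEO-fraud message from a lookalike domain.
SAMPLE_BEC = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.net
To: ap@example.com
Subject: Urgent wire transfer before end of day
Authentication-Results: mx.example.com; spf=none smtp.mailfrom=examp1e.com; dkim=none; dmarc=none
Content-Type: text/plain; charset="utf-8"

Hi, I'm in meetings all day. Please process a wire transfer of $48,300 to the
vendor account below immediately and keep this confidential.
"""

# Constructed sample: a routine internal message that should raise nothing.
SAMPLE_BENIGN = """\
From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Lunch next week
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Are you free Tuesday?
"""

if __name__ == "__main__":
    for name, sample in (("BEC", SAMPLE_BEC), ("benign", SAMPLE_BENIGN)):
        print(name, "->", bec_red_flags(sample) or ["no red flags"])
```

The check catches spoofing and lookalike domains, which is what training and mail filtering can address. It deliberately does not catch the other half of BEC: a message sent from a genuinely compromised internal mailbox passes every one of these tests, which is why the sign-in monitoring and ITDR controls discussed later matter as much as the mail-side checks.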
Business email compromise attacks are more prevalent than ever. That's why it's crucial to implement a strong security program to combat evolving threats.
Todyl's SIEM identifies suspicious activity across systems, apps, and infrastructure, such as unusual login attempts and impossible travel (two sign-ins from locations too far apart for the user to have traveled between them in the elapsed time). It also alerts our Managed eXtended Detection and Response (MXDR) team, who further investigate potential BEC attempts.
The MXDR team separates genuine threats from false positives and recommends appropriate action, such as disabling compromised accounts. Using our Anomaly Framework, MXDR automatically uncovers credential misuse to provide top-of-the-line ITDR. Unlike other ITDR providers, Todyl MXDR dynamically correlates account actions with other data to quickly identify signs of BEC. Automated response actions help MXDR stop bad actors before they successfully compromise accounts, keeping you and your clients protected.
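The impossible-travel detection mentioned here, and the credential-misuse detection ITDR is described as providing above, comes down to a simple rule over sign-in logs. The following is an added example, not Todyl's code and not how the Todyl SIEM or Anomaly Framework is implemented: it parses a constructed sign-in log, pairs consecutive successful sign-ins per user, computes the great-circle distance between them, and alerts when the implied speed exceeds an assumed airliner-speed threshold. The log format, the 900 km/h and 100 km thresholds, and the coordinates (which stand in for the GeoIP enrichment a SIEM would add) are all assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Assumed threshold for this example: anything faster than a commercial
# airliner (~900 km/h) between two sign-ins is treated as impossible travel.
MAX_PLAUSIBLE_KMH = 900.0
# Hops shorter than this are ignored: a user bouncing between two nearby
# egress IPs (office Wi-Fi and mobile carrier) is not travel.
MIN_DISTANCE_KM = 100.0


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    ip: str
    country: str
    lat: float
    lon: float


def parse_signin_log(text: str) -> list[SignIn]:
    """Parse constructed CSV lines of the form time,user,ip,country,lat,lon,result.
    Only successful sign-ins are kept; failures are a separate signal, not travel."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, country, lat, lon, result = line.split(",")
        if result != "success":
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(SignIn(user, when, ip, country, float(lat), float(lon)))
    return events


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points on Earth (mean radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    h = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Return (user, earlier, later, km, kmh) for each pair of consecutive successful
    sign-ins by the same user that would require travelling faster than max_kmh."""
    by_user: dict[str, list[SignIn]] = {}
    for e in sorted(events, key=lambda e: e.when):
        by_user.setdefault(e.user, []).append(e)

    alerts = []
    for user, seq in by_user.items():
        for a, b in zip(seq, seq[1:]):
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            if km < min_km:
                continue
            hours = (b.when - a.when).total_seconds() / 3600.0
            kmh = km / hours if hours > 0 else float("inf")  # same-second logins from far apart
            if kmh > max_kmh:
                alerts.append((user, a, b, round(km), round(kmh)))
    return alerts


# Constructed sample log. alice signs in from New York and, 40 minutes later,
# from Singapore; bob goes London -> Paris over nine hours, a normal trip.
SAMPLE_LOG = """
2024-03-04T13:02:11Z,alice@example.com,198.51.100.23,US,40.71,-74.01,success
2024-03-04T13:41:50Z,alice@example.com,203.0.113.77,SG,1.35,103.82,success
2024-03-04T09:15:02Z,bob@example.com,192.0.2.10,GB,51.51,-0.13,success
2024-03-04T18:40:30Z,bob@example.com,192.0.2.44,FR,48.86,2.35,success
2024-03-04T18:42:00Z,bob@example.com,192.0.2.44,FR,48.86,2.35,failure
"""

if __name__ == "__main__":
    for user, a, b, km, kmh in impossible_travel(parse_signin_log(SAMPLE_LOG)):
        print(f"{user}: {a.country} ({a.ip}) -> {b.country} ({b.ip}), "
              f"{km} km in {b.when - a.when} = {kmh} km/h")
```

Run as written, the only alert is alice's New York to Singapore hop (roughly 15,300 km in 40 minutes); bob's London to Paris trip is well under the threshold. In production the rule needs the correlation a SIEM or MXDR analyst adds: commercial VPNs and cloud egress ranges produce legitimate "impossible" hops, so the alert is a trigger for checking whether the same session also registered a new MFA device, created an inbox forwarding rule, or signed in from infrastructure seen in other cases, rather than a verdict on its own.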
This combined approach improves the chances of identifying and stopping BEC attacks before significant damage occurs. Todyl is here to help you tackle the threat of BEC and fight the good fight.
Read how Todyl’s MXDR team jumped in to help a partner after they fell victim to a BEC attack.