Around the world, organizations of every size and industry are battling email security threats that have the potential to be financially devastating. Most of these attacks are coming in the form of business email compromise (BEC). This is an attack method in which cybercriminals leverage email messages that appear to come from a known source, making a legitimate request in order to accomplish their end goal of defrauding the company.
Using various social engineering techniques, BEC attacks can be easy to execute and require minimal tools, making them highly popular with threat actors. One common type of BEC is impersonation where threat actors impersonate your CEO or a member of your executive leadership team — trustworthy roles that are less likely to be questioned by the one who receives the request. Details about these personas are often publicly available online, so attackers can pretend to know them. The targets are often employees who are involved in finance who have the necessary banking details, access to payment methods, and account numbers. BEC can lead to the loss of funds, data, as well as brand reputation.
There are many BEC attack methods, but one thing they have in common is that they are sophisticated, targeted, and they leverage business email to carry out their scam.
BEC vs. Ransomware
BEC and Ransomware both can have devastating financial impact. While they are similar in nature, the tactics used to steal money are very different. Last year, Secureworks® saw BEC attacks overtake ransomware as the most common type of financially motivated threat activity. In 2022, BEC incidents doubled, with 57% fewer Secureworks IR engagements involving ransomware. Ransomware attacks are not going away, but BEC is definitely on the rise.
Better Security Controls Are Driving Threat Actor Creativity
As part of a BEC scam, threat actors research their targets to determine how to fake their identity, then start impersonating one of the parties. They are being forced to get creative as more cybersecurity solutions are leveraging AI, and security controls such as multi-factor authentication have changed the attack surface. As attackers find new ways to circumvent the security controls in place to achieve their objectives, the cybersecurity community must partner together to prevent, detect, and respond to BEC attacks.
Protecting Yourself with Secureworks and Mimecast
Extended visibility into email security and the associated data is critical for every organization’s security strategy and practices. That is why Secureworks partnered with Mimecast, a leading provider of cloud security and risk management services for corporate information and email. Mimecast and Secureworks work together to protect customers from the growing threat to email and the corporate data it contains, bringing tremendous business value to our joint customers.
The joint integration between Mimecast with Secureworks Taegis™ XDR, allows organizations to improve email visibility, operations, and email security threat responses. It brings comprehensive email and data risk management into a single, unified cloud service — combining best-of-breed email security services with a best-of-breed XDR.
How the Mimecast and Taegis XDR integration works:
- Emails received by Mimecast are passed through a series of hygiene and advanced security scanning techniques, to ensure that they are safe before delivery to the recipient.
- Malicious and unwanted emails are blocked and detailed information is provided for further analysis.
- Email intelligence provided by Mimecast is sent to Taegis XDR platform for normalization.
- Taegis XDR uses that email intelligence to alert analysts and add context to data from other data sources
Want to know more about BEC or how to improve your overall cyber resilience?
Check out this upcoming webinar, The Rise of BEC: 5 Tips for Adapting to Today’s Email Threat Landscape. This webinar with experts from both Secureworks and Mimecast, will provide valuable insights to guide risk management decision-making, inform best practices, and prioritize resource allocation. Our panel discussion will include tips for adapting to the email threats of today and tomorrow.
You can also learn more about these trends in our recent report from the Secureworks Counter Threat Unit™ (CTU)™ research team, Learning From Incident Response: April – June 2022.