Anatomy of a Vendor Email Compromise Attack

You are most likely aware of Business Email Compromise (BEC), but are you familiar with its younger sibling, Vendor Email Compromise (VEC)? This term first started circulating in the industry towards the end of 2019 and describes an attack style whereby a cybercriminal takes over the account of one of your suppliers. However, the cyber attackers target isn’t the supplier, it’s you. By disguising as a trusted entity outside of your organisation, they can easily convince your employees to disclose sensitive information or pay fake invoices.

VEC attacks use similar methods to BEC attacks, but they take a lot longer. Attackers must be patient, monitoring normal activities and communication to ensure their attack is perfectly timed and more realistic than ever. However, the wait is worth its weight in gold as VEC attacks can cause huge damage to business partners, customers and stakeholders, with the average cost reaching a staggering $183,000.

VEC attacks are becoming increasingly common, with companies having a 50% chance of being attacked through this type of email compromise. If your business interacts with vendors to supply products or services, then you need to be aware of VEC and how to protect your business.

What a Vendor Email Compromise Attack Looks Like

VEC attacks are both extremely hard to identify and incredibly successful at wreaking havoc. While your business may have invested in traditional security solutions, there is no guarantee that you’re covered against these advanced attacks. However, to be able to secure your supply chain, you first need to understand how VEC happens. There are four key stages to an attack:

  1. Compromise vendor account – the first step in a VEC attack has nothing to do with your business; it’s all about compromising one of your suppliers. Phishing emails are often used to gain account details, or they can be purchased illegally.
  2. Establish account control – once an attacker has account details at a supplier, they’ll put forwarding rules in place. This allows them to remain undetected and monitor activity.
  3. Gather insider information – as well as reading emails and learning about normal business activities, cybercriminals will target other vendor employees and gain key pieces of information that they can use to their advantage.
  4. Defraud the business – this is when you receive a fake but incredibly realistic email. It will seem to come from your supplier, as usual, it will be perfectly timed and will ask for something that seems normal. However, it will trick you in some way, either making you disclose sensitive information or pay a fake invoice.

Mitigation Strategies Against Vendor Email Compromise

Supply chain emails are inherently trusted, which makes VEC attacks easily blend in with day-to-day operations. Organisations or individuals often miss that there is anything wrong. After all, the emails are from a trusted account; there is no way to automatically know that it has been compromised. As the messages closely mirror typical vendor-employee behaviour, even highly trained security experts can’t spot them. To be in with a chance, you need to read and analyse the content and context of every message. And, without the help of advanced technology, that’s an impossible task. VEC attacks pass domain authentication and sail right through traditional security controls. To stop these sophisticated attacks, you need sophisticated tools in your corner:

  • Defence in depth – when it comes to protecting against VEC attacks, you need advanced threat protection. Instead of relying on a single layer of protection from your secure email gateway and antivirus solutions, you need to layer this alongside threat intelligence and behavioural analysis. These advanced techniques can learn from normal business activities between you and your suppliers and pick up on anomalies.
  • AI and Machine Learning – advanced behavioural technology can be used to model identities, build relationship graphs and deliver deep content analysis. By doing this, it can detect suspicious financial requests, suspicious links trying to phish credentials and suspicious demands for unusual volumes of money. Monitoring communications between vendors and customers delivers a real-time risk assessment and the ability to stop targeted and sophisticated supply chain attacks in their tracks.

How to Protect Your Business

If you have numerous vendors in your supply chain, it’s a huge task to be able to have real-time insights into which ones might pose a risk to your business. When it comes to securing your email ecosystem, you may think you’ve got it covered. However, today’s advanced threats are continually evolving to try to evade traditional defences. To find out how well your business is protected, get in touch with InfoTrust today for an email security assessment.

If you'd like to find out about the anatomy of an account compromise, click here.

see our

Related resources