Anatomy of a Vendor Email Compromise Attack
You are most likely aware of Business Email Compromise (BEC), but are you familiar with its younger sibling, Vendor Email Compromise (VEC)? This term first started circulating in the industry towards the end of 2019 and describes an attack style whereby a cybercriminal takes over the account of one of your suppliers. However, the attacker’s target isn’t the supplier, it’s you. By disguising themselves as a trusted entity outside of your organisation, they can easily convince your employees to disclose sensitive information or pay fake invoices.
VEC attacks use similar methods to BEC attacks, but they take a lot longer. Attackers must be patient, monitoring normal activities and communication to ensure their attack is perfectly timed and more realistic than ever. For the attacker, however, the wait pays off: VEC attacks can cause huge damage to business partners, customers and stakeholders, with the average cost reaching a staggering $183,000.
VEC attacks are becoming increasingly common, with companies having a 50% chance of being attacked through this type of email compromise. If your business interacts with vendors to supply products or services, then you need to be aware of VEC and how to protect your business.
What a Vendor Email Compromise Attack Looks Like
VEC attacks are both extremely hard to identify and incredibly successful at wreaking havoc. While your business may have invested in traditional security solutions, there is no guarantee that you’re covered against these advanced attacks. However, to be able to secure your supply chain, you first need to understand how VEC happens. There are four key stages to an attack:
- Compromise vendor account – the first step in a VEC attack has nothing to do with your business; it’s all about compromising one of your suppliers. Phishing emails are often used to gain account details, or they can be purchased illegally.
- Establish account control – once an attacker has account details at a supplier, they’ll put forwarding rules in place. This allows them to remain undetected and monitor activity.
- Gather insider information – as well as reading emails and learning about normal business activities, cybercriminals will target other vendor employees and gain key pieces of information that they can use to their advantage.
- Defraud the business – this is when you receive a fake but incredibly realistic email. It will seem to come from your supplier as usual, it will be perfectly timed, and it will ask for something that seems normal. However, it will trick you in some way, either into disclosing sensitive information or into paying a fake invoice.
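The forwarding rules from the second stage are something a vendor (or a customer auditing its own mailboxes) can look for. The sketch below is an added example, not part of the original article: it reviews exported mailbox rules and reports any that forward or redirect mail outside the organisation. The record layout, field names and domains are hypothetical and the sample rules are constructed.

```python
from email.utils import parseaddr

# Assumption: domains the vendor owns, plus externally hosted services it has approved.
OWNED_DOMAINS = {"vendor.example"}
APPROVED_EXTERNAL = {"ticketing.example"}

# Constructed sample of exported mailbox rules; the field names are hypothetical.
SAMPLE_RULES = [
    {"mailbox": "ap@vendor.example", "name": "Copy to ledger team",
     "forward_to": ["Ledger <ledger@finance.vendor.example>"], "redirect_to": []},
    {"mailbox": "ap@vendor.example", "name": "Helpdesk",
     "forward_to": ["intake@ticketing.example"], "redirect_to": []},
    {"mailbox": "ap@vendor.example", "name": ".",
     "forward_to": ["Accounts <AP.archive@Mailbox.Example>"], "redirect_to": []},
    {"mailbox": "cfo@vendor.example", "name": "sync",
     "forward_to": [], "redirect_to": ["not-an-address"]},
]

def recipient_domain(recipient):
    """Lower-cased domain of a recipient string, or None if it cannot be parsed."""
    address = parseaddr(recipient)[1]
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower()

def is_trusted(domain):
    """True for an owned domain, one of its subdomains, or an approved service."""
    if domain in APPROVED_EXTERNAL:
        return True
    # The leading dot stops look-alikes such as notvendor.example from matching.
    return any(domain == d or domain.endswith("." + d) for d in OWNED_DOMAINS)

def audit_rules(rules):
    """Return (mailbox, rule name, recipient, reason) for every rule to review."""
    findings = []
    for rule in rules:
        for recipient in rule["forward_to"] + rule["redirect_to"]:
            domain = recipient_domain(recipient)
            if domain is None:
                findings.append((rule["mailbox"], rule["name"], recipient,
                                 "unparseable recipient"))
            elif not is_trusted(domain):
                findings.append((rule["mailbox"], rule["name"], recipient,
                                 "external domain " + domain))
    return findings
```

Run against the sample, `audit_rules(SAMPLE_RULES)` leaves the subdomain and approved-service rules alone and returns the two rules that need a human look.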
Mitigation Strategies Against Vendor Email Compromise
Supply chain emails are inherently trusted, which lets VEC attacks blend in easily with day-to-day operations. Organisations and individuals often miss that anything is wrong. After all, the emails are from a trusted account; there is no way to automatically know that it has been compromised. As the messages closely mirror typical vendor-employee behaviour, even highly trained security experts can’t spot them. To be in with a chance, you need to read and analyse the content and context of every message. And, without the help of advanced technology, that’s an impossible task. VEC attacks pass domain authentication and sail right through traditional security controls. To stop these sophisticated attacks, you need sophisticated tools in your corner:
- Defence in depth – when it comes to protecting against VEC attacks, you need advanced threat protection. Instead of relying on a single layer of protection from your secure email gateway and antivirus solutions, you need to layer this alongside threat intelligence and behavioural analysis. These advanced techniques can learn from normal business activities between you and your suppliers and pick up on anomalies.
- AI and Machine Learning – advanced behavioural technology can be used to model identities, build relationship graphs and deliver deep content analysis. By doing this, it can detect suspicious financial requests, suspicious links trying to phish credentials and suspicious demands for unusual volumes of money. Monitoring communications between vendors and customers delivers a real-time risk assessment and the ability to stop targeted and sophisticated supply chain attacks in their tracks.
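To make the idea of learning normal vendor activity concrete, here is an added example (not from the original article and not any product's method) that baselines each vendor's past payments and flags a request whose bank account or amount departs from that history. The thresholds, field names and data are constructed assumptions; it is a simple statistical check standing in for the richer behavioural models described above.

```python
from email.utils import parseaddr
from statistics import mean, pstdev

# Constructed payment history per vendor domain: (bank account, amount paid).
HISTORY = {
    "acme-supplies.example": [("AU-0001-222", 4200.0), ("AU-0001-222", 3900.0),
                              ("AU-0001-222", 4500.0), ("AU-0001-222", 4100.0)],
}
MIN_HISTORY = 3   # assumption: fewer payments than this is not a usable baseline
Z_LIMIT = 3.0     # assumption: review amounts beyond three spreads from the mean

def check_request(request, history=HISTORY):
    """Return the reasons a payment request departs from the vendor's baseline."""
    domain = parseaddr(request["from"])[1].rsplit("@", 1)[-1].lower()
    past = history.get(domain, [])
    if len(past) < MIN_HISTORY:
        return ["no usable payment history for " + domain]
    reasons = []
    if request["account"] not in {account for account, _ in past}:
        reasons.append("bank account not seen before for this vendor")
    amounts = [amount for _, amount in past]
    centre = mean(amounts)
    # Floor the spread at 5% of the mean so a very regular vendor is not over-flagged.
    spread = max(pstdev(amounts), 0.05 * centre)
    z = abs(request["amount"] - centre) / spread
    if z > Z_LIMIT:
        reasons.append("amount %.0f is %.1f spreads from the usual %.0f"
                       % (request["amount"], z, centre))
    return reasons

# Constructed requests. Both come from the vendor's genuine address, so sender
# authentication passes for each; only the content separates them.
ROUTINE = {"from": "Accounts <ar@acme-supplies.example>",
           "account": "AU-0001-222", "amount": 4300.0}
SUSPECT = {"from": "Accounts <ar@acme-supplies.example>",
           "account": "AU-9999-000", "amount": 18500.0}
```

`check_request(ROUTINE)` returns an empty list, while `check_request(SUSPECT)` returns two reasons even though the sender address is identical.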
How to Protect Your Business
If you have numerous vendors in your supply chain, it’s a huge task to be able to have real-time insights into which ones might pose a risk to your business. When it comes to securing your email ecosystem, you may think you’ve got it covered. However, today’s advanced threats are continually evolving to try to evade traditional defences. To find out how well your business is protected, get in touch with InfoTrust today for an email security assessment.