Emerging Technology In The Fight Against Business Email Compromise

In this third and final post in our series on Business Email Compromise, we look at emerging technologies that are successfully mitigating this attack vector. (See our first post here and second post here.)

Before the recent rise in Business Email Compromise (BEC) attacks, very little research had been done into how to combat them. A better understanding of the nature of these attacks was needed to create the security controls that protect organisations. Thankfully, a few little-known players have been heavily researching this space and are now emerging as leaders. (See our previous blog post “Understanding Business Email Compromise Attacks” here.)

Due to the psychological nature of BEC attacks, the first line of defence is to work on rules, policies and training. This is, without doubt, a good start and a needed support, but it isn’t enough to protect against advanced threats. Businesses need to delve deeper into their infrastructure, policies and end-user activities. They need to try to maximise the trustworthiness of email services, minimise threats at email gateways and enforce secure email behaviour amongst employees. Even bearing all this in mind, organisations often won’t have the resource to keep up with the evolving nature of BEC attacks.

At the centre of all BEC attacks is impersonation, and therefore a solution to the problem must go further than policies or algorithms that attempt to identify regular patterns of fraudulent emails. Emerging technologies that focus more on Identity and Trust are winning the battle of the day to keep our inboxes clean from these advanced attack types.

To combat the advanced socially engineered attacks, organisations need to gain a full view of their email security operations. Fortunately, there is some emerging technology which is beginning to help fight against this new type of security threat. The Agari Email Trust Platform is one example and combines an array of innovative tactics not previously seen in email gateway technologies, such as:

  • Domain Authentication – the baseline for preventing impersonation of the domains you own is Domain-based Message Authentication, Reporting and Conformance (DMARC). This identifies any third parties, vendors or cybercriminals using your domain to send email. It ensures that the visible ‘from’ address domain matches the hidden mail ‘from’ address domain. You can then instruct email receivers (other companies, or mailbox providers) what to do with emails that don’t pass DMARC, such as reject them. Read more about DMARC in our blog post here.
  • Dynamic classification – advanced artificial intelligence and machine learning systems are able to model senders’ and recipients’ identity characteristics, behavioural norms and relationships at both personal and industry levels. This learning allows the technology to create a real-time understanding of email behavioural patterns and to label the threat level of an email accordingly.
  • Virtual SPF and Sender Profiling – Agari made its name authenticating email traffic for the world’s largest brands over the past 6 years, now handling insights from over 1 trillion messages per year! This has given Agari a unique insight into the sending IPs for email domains the world over, so that when an email is sent from an IP that is out of the norm for a given domain, this inherently raises a flag.

The above delivers unprecedented detection of an array of different attack types, from compromised account takeovers and display name spoofing to full domain spoofing, lookalike domain spoofing and brand spoofing. Agari Email Trust Platform plugs the gap left by the Secure Email Gateway providers.
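
As an added illustration of the Domain Authentication bullet above (not code from the original post or from Agari), this Python example applies the DMARC alignment check a receiver performs to three constructed messages. The small public-suffix set, the function names and the example.com / example.net / example.org domains are assumptions made for the example.

```python
from email.utils import parseaddr

# Assumption: real receivers derive the organisational domain from the Public
# Suffix List; this small constructed set stands in for it.
PUBLIC_SUFFIXES = {"com", "net", "org", "com.au", "co.uk"}

def domain_of(address):
    """Lower-cased domain of an address or of a full From header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    """Public suffix plus one label, e.g. mail.example.com.au -> example.com.au."""
    labels = domain.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain

def aligned(from_domain, auth_domain, strict=False):
    """Strict: identical domains. Relaxed: same organisational domain."""
    if not from_domain or not auth_domain:
        return False
    if strict:
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(header_from, mail_from, spf_pass, dkim_domain, dkim_pass, policy):
    """'pass' if SPF or DKIM passes AND aligns with the visible From domain;
    otherwise the action the domain owner published (none/quarantine/reject)."""
    visible = domain_of(header_from)
    spf_ok = spf_pass and aligned(visible, domain_of(mail_from))
    dkim_ok = dkim_pass and aligned(visible, (dkim_domain or "").lower())
    return "pass" if spf_ok or dkim_ok else policy

# Constructed sample messages: (From header, envelope MAIL FROM, SPF pass?,
# DKIM d= domain, DKIM pass?). example.com is assumed to publish p=reject.
SAMPLES = [
    # Owner's own mail: the bounce subdomain aligns in relaxed mode.
    ("Accounts <accounts@example.com>", "bounce@mail.example.com", True, "example.com", True),
    # SPF and DKIM both pass, but for another domain: not aligned.
    ("Accounts <accounts@example.com>", "bounce@example.net", True, "example.net", True),
    # Forwarded mail: SPF no longer passes, the aligned DKIM signature survives.
    ("Accounts <accounts@example.com>", "fwd@example.org", False, "example.com", True),
]

def evaluate_samples(policy="reject"):
    return [dmarc_disposition(*msg, policy) for msg in SAMPLES]

if __name__ == "__main__":
    print(evaluate_samples())
```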

Recommendations For Tackling The Threat of BEC

Organisations will need to invest in emerging technology that can make email infrastructure more policy-focused, more dynamic in the way it interacts with end users, and more effective in educating users and changing behaviour. Due to the evolving nature of BEC attacks and the various threat pathways, the technology solution needs to be a mixture of email scanning, sandboxing, URL scanning, authentication, dynamic classification and sender profiling. On top of this, email defences should use up-to-date threat intelligence sources to allow them to adapt in real time to current threats. This includes blacklisting IP addresses and preventing user access to URLs of malicious domains. Needless to say, any solutions that are implemented need to integrate with existing technology and policies to be effective.

To find out more about how InfoTrust can help protect your organisation against targeted inbound attacks visit our Business Email Compromise page here or contact us on info@infotrust.com.au.
