Emerging Technology In The Fight Against Business Email Compromise
In this third and final post in our series on Business Email Compromise, we look at emerging technologies that are successfully mitigating this attack vector. (See our first post here and second post here.)
Before the recent rise in Business Email Compromise (BEC) attacks, very little research had been done into how to combat them. A better understanding of the nature of these attacks was needed to create the security controls necessary to protect organisations. Thankfully, a few little-known players have been heavily researching this space and are now emerging as leaders. (See our previous blog post “Understanding Business Email Compromise Attacks” here.)
Due to the psychological nature of BEC attacks, the first line of defence is to work on rules, policies and training. This is, without doubt, a good start and provides needed support, but it isn’t enough to protect against advanced threats. Businesses need to delve deeper into their infrastructure, policies and end-user activities. They need to try to maximise the trustworthiness of email services, minimise threats at email gateways and enforce secure email behaviour amongst employees. Even bearing all this in mind, organisations often won’t have the resources to keep up with the evolving nature of BEC attacks.
At the centre of all BEC attacks is impersonation and therefore a solution to the problem must go further than policies or algorithms that attempt to identify regular patterns of fraudulent emails. Emerging technologies that focus more on Identity and Trust are winning the battle of the day to keep our inboxes clean from these advanced attack types.
To combat the advanced socially engineered attacks, organisations need to gain a full view of their email security operations. Fortunately, there is some emerging technology which is beginning to help fight against this new type of security threat. The Agari Email Trust Platform is one example and combines an array of innovative tactics not previously seen in email gateway technologies, such as:
- Domain Authentication – the baseline for preventing impersonation of the domains you own is Domain-based Message Authentication, Reporting and Conformance (DMARC). This identifies any third parties, vendors or cybercriminals using your domain to send email. It ensures that the visible ‘from’ address domain matches the hidden mail ‘from’ address domain. You can then instruct email receivers (other companies, or mailbox providers) what to do with emails that don’t pass DMARC, such as reject them. Read more about DMARC in our blog post here.
- Dynamic classification – advanced artificial intelligence and machine learning systems are able to model senders’ and recipients’ identity characteristics, behavioural norms and relationships at both personal and industry levels. This learning allows the technology to create a real-time understanding of email behavioural patterns and to label the threat level of an email accordingly.
- Virtual SPF and Sender Profiling – Agari made its name authenticating email traffic for the world’s largest brands over the past 6 years, now handling insights from over 1 trillion messages per year! This has given Agari a unique insight into the sending IPs for email domains the world over, so that when an email is sent from an IP that is out of the norm for a given domain, this inherently raises a flag.
The above delivers unprecedented detection of an array of different attack types, including compromised account takeovers, display name spoofing, full domain spoofing, lookalike domain spoofing and brand spoofing. The Agari Email Trust Platform plugs the gap left by the Secure Email Gateway providers.
Recommendations For Tackling The Threat of BEC
Organisations will need to invest in emerging technology that can make email infrastructure more policy-focused, more dynamic in the way it interacts with end users, and more effective in educating users and changing behaviour. Due to the evolving nature of BEC attacks and the various threat pathways, the technology solution needs to be a mixture of email scanning, sandboxing, URL scanning, authentication, dynamic classification and sender profiling. On top of this, email defences should use up-to-date threat intelligence sources to allow them to adapt in real time to current threats. This includes blacklisting IP addresses and preventing user access to URLs of malicious domains. Needless to say, any solutions that are implemented need to integrate with existing technology and policies to be effective.
To find out more about how InfoTrust can help protect your organisation against targeted inbound attacks visit our Secure Email Ecosystem page here or contact us on info@infotrust.com.au.