Wednesday, October 4, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Secure Corporate Emails with Intent-Based BEC Detection

Researcher by Researcher
October 31, 2022
in Cybersecurity
0
Secure Corporate Emails with Intent-Based BEC Detection
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Phishing Email Scam.
Image: Adobe Stock

In a business email compromise, generally, the attacker uses emails and social engineering techniques to have one person with financial power in a company transfer money to a bank account the attacker owns. This kind of fraud is a sophisticated scam targeting companies and individuals who perform legitimate funds transfers.

Statistics from the FBI’s Internet Crime Complaint Center, law enforcement and filings with financial institutions indicate that BEC alone caused an exposed loss of more than $43 billion USD between 2016 and 2021.

BEC detection and blocking based on email characteristics

BEC attackers use different social engineering techniques, yet most of the time, they use emails set up to pretend to come from a legitimate person in contact with the target. To achieve that, they often register email addresses close to the legitimate one from the impersonated person.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

Therefore, one way to take advantage of this situation for blocking purposes might be to only allow external emails from trusted senders. Another variant consists of blocking emails coming from free email providers, as fraudsters often use those, as exposed by Cisco Talos (Figure A).

Figure A

Email domains used by BEC attackers.
Image: Cisco Talos. Email domains used by BEC attackers.

Yet, building email block lists can be difficult for users, as they sometimes get external emails from people that have not yet been added to their trust list.

Several security software options might help to deploy policy-based detections of BEC emails. Those solutions generally store the names and email addresses of executives in a database that is used on every incoming email. If the name is found in the “from” field of an email and does not match the legitimate one stored in the database, a BEC attempt alert is raised.

Must-read security coverage

There is yet an obvious limitation to this detection type: If the email comes from any other person than the executive, no alert is raised. Attackers might also spoof the legitimate address in the “from” field in some cases, but use a different “reply to” field, which might help bypass some detections if they are only based on the “from” field.

And in some cases, the fraudsters might have compromised the executive email box and would be able to send emails impersonating them without raising alerts for that kind of detection.

Another approach: ML-based model profile building

According to Talos research, it is possible to build a profile of C-level executives by using a machine learning algorithm to analyze all emails.

This profile would be based on several items, such as the person’s writing style, activities, geolocation when sending emails, timestamp of posting. A relations graph capturing the person’s email interactions with others might also be generated.

In case of any deviation from the profile, a BEC alert could be raised.

Just as for traditional detection, the method has some limitations. Generating the profile needs to be done from real traffic, and data collection, model building and training will take time. Also, building it for every employee of the company would be challenging.

As for the non-executives impersonated persons in companies, Talos indicates that they are engineers more than 50% of the time (Figure B).

Figure B

Impersonated non-executives BEC email titles.
Image: Cisco Talos. Impersonated non-executives BEC email titles.

An intent-based approach to BEC detection

This approach aims at solving the biggest problems of the policy-based and machine learning algorithm methods: the non-scalability of the model and the difficulties of maintaining a database of sender email addresses and their names.

To overcome those limitations in detecting BEC fraud, Talos offers an intent-based approach.

This approach separates the detection of the BEC threat into two distinct problems. The first one is a binary class problem. It classifies emails into a BEC message. The second one is a multi-class problem, classifying the BEC into the type of scam.

SEE: Optimize and secure your team’s Apple devices with Jamf Now (TechRepublic Academy)

The researcher explains that the intent-based approach not only detects BEC emails but also categorizes it into a kind of BEC scam: payroll, money transfer, initial lure, gift card scams, invoice scams, acquisition scams, W2 scams, aging reports and more.

From a technical point of view, it consists of extracting the email text and converting sentences into numeric vectors. This conversion is based on NNLM or BERT algorithms, which takes the meaning of words in the sentence and then performs detection and classification using deep neural networks. The final output is a probability of the email to be a BEC attempt. A low confidence in the result will lead to more analytic detections to provide a final trust indicator.

This approach works no matter who is impersonated in the company.

Figure C

Comparison of the different approaches to BEC detection.
Image: Cisco Talos. Comparison of the different approaches to BEC detection.

The need for raising awareness

No matter what kind of automated solution is deployed to protect companies and employees from falling to BEC fraud, it is still a great addition to train employees and raise awareness on what BEC fraud is, how it happens, what kind of social engineering tricks it uses, and what should raise suspicion.

Users need also be aware that BEC fraud can happen not only by email but also by voice. Some BEC fraud might leverage phone calls to approach the employees or even SMS.

Any attempt to change a modus operandi for a financial transfer, any sudden change of a recipient banking account should immediately raise an alarm and be investigated. The user targeted should never be afraid to reach out to the sender of the request via another communication channel to confirm there is no ongoing scam.

Secure your team’s mobile devices and detect phishing scams faster with the Mobile Device Security Policy from the policy experts at TechRepublic Premium.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.



Source link

Related articles

Sentra Raises $30 Million for DSPM Technology

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

August 13, 2023
Minimizing Risk Through Proactive Apple Device Management: Addigy

Minimizing Risk Through Proactive Apple Device Management: Addigy

August 12, 2023
Tags: BECcorporateDetectionEmailsIntentBasedsecure
Share76Tweet47

Related Posts

Sentra Raises $30 Million for DSPM Technology

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

August 13, 2023
0

Northern Ireland’s top police officer apologized Thursday for what he described as an “industrial scale” data breach in which the...

Minimizing Risk Through Proactive Apple Device Management: Addigy

Minimizing Risk Through Proactive Apple Device Management: Addigy

August 12, 2023
0

Enterprise IT teams are struggling to cope with three major forces of change: the evolving regulatory environment, a globally dispersed...

Decipher Podcast: Katelyn Bowden and TC Johnson

Decipher Podcast: Katelyn Bowden and TC Johnson

August 12, 2023
0

Veilid main site: https://veilid.com/ Cult of the Dead Cow site: https://cultdeadcow.com/ Source link

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack 

In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

August 12, 2023
0

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under...

Used Correctly, Generative AI is a Boon for Cybersecurity

Used Correctly, Generative AI is a Boon for Cybersecurity

August 12, 2023
0

Adobe stock, by Busra At the Black Hat kickoff keynote on Wednesday, Jeff Moss (AKA Dark Tangent), the founder of...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
Microsoft to Block Macros by Default in Office Apps

Qakbot Email Thread Hijacking Attacks Drop Multiple Payloads

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
Browse Safer and Faster Around the World with JellyVPN for just $34.99

Browse Safer and Faster Around the World with JellyVPN for just $34.99

October 3, 2023
Hackers Steal User’s Database From European Institute

Hackers Steal User’s Database From European Institute

October 3, 2023
Hackers Bypass Cloudflare Firewall & DDoS using Cloudflare

Hackers Bypass Cloudflare Firewall & DDoS using Cloudflare

October 2, 2023
AWS Honeypot to Disrupt Threat Actors

AWS Honeypot to Disrupt Threat Actors

October 2, 2023

Recent Posts

Browse Safer and Faster Around the World with JellyVPN for just $34.99

Browse Safer and Faster Around the World with JellyVPN for just $34.99

October 3, 2023
Hackers Steal User’s Database From European Institute

Hackers Steal User’s Database From European Institute

October 3, 2023
Hackers Bypass Cloudflare Firewall & DDoS using Cloudflare

Hackers Bypass Cloudflare Firewall & DDoS using Cloudflare

October 2, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cyber Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches platform Ransomware RoundUp security services Software Stories TFT Threat Top vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved