Business email compromise and the phishing attacks that feed it are still happening, and cybercriminals are still getting into corporate email systems.
Well-organized cybercrime is after big money, so hijacking business systems for cryptocurrency mining is on the decline and business email compromise (BEC) is now the thing.
Surreptitious mining is certainly still possible if the target shifts from Bitcoin, where mining difficulty is now very high, to Monero and other currencies. But according to Chris Tappin, a Sydney-based senior consultant at the Verizon Threat Research Advisory Center (VTRAC), the payback can still be higher elsewhere.
“When you're committing cybercrime and you've got access to a web server, you can do more now that has a better return, which is go off and compromise e-mail accounts,” Tappin told cybersguards this week.
“You have to have fairly good access to a web server to run software on it. So to only do some cryptocurrency mining is a bit of an anticlimax,” he said.
“Crypto-mining gets a lot of media time, but in our dataset we don't see it as being as important as things like e-mail compromise.” Tappin was referring to Verizon's annual Data Breach Investigations Report (DBIR), now in its 12th year. This year the widely respected report analyzes 41,686 security incidents, using data contributed by 73 organizations.
It reveals that nation-state attacks are on the rise: nation states and their affiliates now account for 23 percent of data breaches. That is certainly a matter for concern.
But for this writer, the DBIR's numbers on business email compromise are the bigger concern.
Among data breaches, the use of stolen login credentials was by far the most common hacking action, and web applications were by far the most common vector for it.
“It is not exactly avant-garde that valid credentials are being used to pop web applications,” Verizon wrote.
“The reason it becomes noteworthy is that 60 percent of the time, the compromised web application vector was the front end to cloud-based email servers.” In 2018 the FBI reported that business losses to BEC scams had doubled and that the attacks are increasingly sophisticated. Cybercriminals took $1.3 billion from American companies alone.
Global losses reached $12.5 billion, according to the FBI, some $3 billion above Trend Micro's forecast.
According to Tappin, however, the real figure is probably much higher, since “many” BEC losses are never reported.
“Many obviously don't get disclosed; they get cleared up. We've worked on many very large ones where there was never any consideration of disclosing them to police,” said Tappin.
“It was just written off as a business loss, and everyone did it and didn't want to talk about it, but was pretty embarrassed by what was going on.” Phishing remains the number one way to steal credentials.
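What catching that pattern can look like in practice, as an added example that is not from the DBIR, from Verizon or from cybersguards: a small Python script that reads authentication events from a webmail front end and flags a successful login that follows a burst of failures from an IP address the account has never succeeded from, or an account's first-ever success from a new country. The log format, the field names, the thresholds and the sample events below are all assumptions constructed for this example, not real data or any vendor's log schema.

```python
"""Flag likely use of stolen credentials against a webmail front end.

Two heuristics (assumptions chosen for this example, not DBIR findings):
  1. A success from an IP that has never succeeded for this user, preceded by
     fail_threshold or more failures from that IP inside `window` (guessing,
     stuffing, or a phished password being tried until it works).
  2. A success from a country the user has never succeeded from before,
     once a baseline of at least one earlier success exists.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample events in an assumed key=value format; not real logs.
SAMPLE_LOG = """\
2019-05-08T08:01:10Z user=alice ip=203.0.113.10 country=AU result=success
2019-05-08T08:05:22Z user=alice ip=203.0.113.10 country=AU result=success
2019-05-08T09:12:01Z user=bob ip=198.51.100.7 country=AU result=success
2019-05-08T22:40:03Z user=alice ip=192.0.2.44 country=NG result=fail
2019-05-08T22:40:09Z user=alice ip=192.0.2.44 country=NG result=fail
2019-05-08T22:40:15Z user=alice ip=192.0.2.44 country=NG result=fail
2019-05-08T22:41:30Z user=alice ip=192.0.2.44 country=NG result=success
2019-05-09T07:30:00Z user=bob ip=198.51.100.7 country=AU result=success
"""

LINE_RE = re.compile(
    r"^(\S+)\s+user=(\S+)\s+ip=(\S+)\s+country=(\S+)\s+result=(\S+)$"
)


def parse_line(line):
    """Parse one assumed-format auth event into a dict; raise on garbage."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable auth event: {line!r}")
    ts, user, ip, country, result = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user,
        "ip": ip,
        "country": country,
        "ok": result == "success",
    }


def detect(log_text, window=timedelta(minutes=10), fail_threshold=3):
    """Return a list of alerts, one per suspicious successful login."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    known_ips = defaultdict(set)        # user -> IPs with a prior success
    known_countries = defaultdict(set)  # user -> countries with a prior success
    recent_fails = defaultdict(deque)   # (user, ip) -> failure timestamps
    alerts = []

    for e in events:
        fails = recent_fails[(e["user"], e["ip"])]
        # Drop failures that have aged out of the window.
        while fails and e["ts"] - fails[0] > window:
            fails.popleft()
        if not e["ok"]:
            fails.append(e["ts"])
            continue

        reasons = []
        if e["ip"] not in known_ips[e["user"]] and len(fails) >= fail_threshold:
            reasons.append(f"{len(fails)} failures then success from unknown IP")
        if known_countries[e["user"]] and e["country"] not in known_countries[e["user"]]:
            reasons.append(f"first success from country {e['country']}")
        if reasons:
            alerts.append(
                {"ts": e["ts"].isoformat(), "user": e["user"], "ip": e["ip"], "reasons": reasons}
            )

        # A success seeds the baseline for this user, whether or not it alerted.
        known_ips[e["user"]].add(e["ip"])
        known_countries[e["user"]].add(e["country"])
        fails.clear()
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["ts"], a["user"], a["ip"], "; ".join(a["reasons"]))
```

On the sample events the script raises a single alert for alice's login from 192.0.2.44, citing both the three failures that preceded it and the fact that NG is a country she had never logged in from. Two caveats a practitioner would want: the baseline is built from the log itself, so the first success for a user never alerts and an attacker who is already inside that baseline is invisible to it; and a legitimate user who fumbles their password three times from a new hotel network will trip rule 1, which is why such alerts are a trigger for a check (a password reset, a look at mailbox rules) rather than an automatic lockout.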
“We're seeing more of these focused phishing campaigns, spear phishing or whatever you like to call it, where specific people are targeted,” Tappin told cybersguards.
“The priorities for certain businesses, whether in Australia or globally, are really still two-factor authentication or multi-factor authentication.” Then, as always, there is the human factor.
We have known for years that phishing works, and keeps working, because it exploits weaknesses in human psychology and in organizations, and even in national culture.
Often, when employees fall for a phish, they are not at their desks but on mobile devices that don't show the email in full.
Cybercriminals are now smart enough to target the right people in the organization: those authorized to make payments, and their executive assistants. And they are smart enough to hit those targets at the times they are likely to be on a mobile device.
“For me, it's the boring thing that people should concentrate on with their security expenditure,” Tappin said.