What is Business Email Compromise?
Business Email Compromise (BEC) is an umbrella term for a series of cyber-attack techniques coordinated and performed with the goal to coerce sensitive information or financial transactions from those in key positions within an organisation.
How BEC Attacks Work
At a first glance, Business Email Compromise attacks don’t seem especially sophisticated. They’re similar to phishing attacks in principle, and use similar techniques, sending fraudulent emails to unsuspecting victims with the intention to steal their sensitive data. What sets BEC attacks apart from other cyber threats is that they are human-operated.
The majority of cyber-attacks are automated or script based, meaning a pre-written program carries out the attack. These types of attacks are simpler to prevent, as they follow specific patterns, allowing them to be detected easily.
Human-Operated attacks are much harder to detect. Such attacks are operated by cybercriminals in real time, allowing them to utilise their knowledge and experience to adapt the attack on the fly, and overcome standard defence systems. Due to the adaptability which ‘hands-on-keyboards’ attacks allow for, they are more difficult to recognise and respond to than automated script-based attacks.
Before launching a BEC attack, cybercriminals collect information about your company, its employees, its organisational culture, and its internal network. They may spend long lengths of time, lurking within your network, gathering this information, before implementing the attack. This information is then used to manipulate victims into doing as they wish.
This process is known as ‘social engineering’, and is what enables BEC techniques to succeed.
To paint a picture, imagine receiving an email from someone who appears to be a trusted figure within your organisation, requesting a transaction or sensitive information. Now, imagine that this email is part of a chain of previous emails and conversations connected to the same email address. Within the email, they reference information about actual employees, your real workplace environment, or a current company initiative – would you treat this email with suspicion?
This is exactly what happened within a BEC attack on Toyota in 2019, which led to over £30 million being stolen.
What has Microsoft Done to Overcome BEC Attacks?
Automatic Attack Disruption
Automatic Attack Disruption (AAD) is a solution for combating potential attacks automatically, offered by Microsoft 365 Defender (MD). Acting quickly and effectively, AAD works to stop the progression and limit the impact of active cybersecurity attacks.
You may, understandably, be wary of placing the responsibility of your organisations safety on automatic response systems. Microsoft utilises insights from data collated from thousands of incidents investigated by Microsoft research teams, to establish ‘high confidence’, before automatic actions are carried out.
How Automatic Attack Disruption works:
- Detect. MD accurately detects malicious activity with high confidence utilising AI-driven detection capabilities. To achieve this MD correlates insights collected across all the endpoints and devices within your organisation’s network, to detect suspicious activity.
- Classification. Further investigation of the threat is carried out, other malicious activity and trouble causing assets are identified. These are traced back through the chain of attack, to locate their origins.
- Response. With the malicious activity detected and classified, automatic actions are taken to stop the attack. MD disables the user or contains the device from which malicious activity resigns.
To avoid negatively impacting your networks health, MD tracks network-critical assets and refrains from containing these. Any automatic actions MD performs can also be easily undone so that your SOC team remains in charge.
The Benefits
Microsoft 365 Defender’s automatic attack disruption software is now capable to deal with business email compromise and human-operated ransomware attacks.
Through swiftly detecting and deactivating compromised accounts, the attacker’s ability to send harmful emails is restricted, potentially preventing financial losses.
This is a huge development! With AAD’s game changing capabilities, these cyber threats which once relied on entirely manual responses to overcome, can be prevented automatically. This not only reduces the likelihood of a successful attack, but also reduces the impact attacks have on resources and productivity.
On average, a SOC analyst has less than 20 minutes from deployment to effectively mitigate a BEC attack. AAD increases this time frame significantly, allowing your SOC team more opportunity to mitigate the consequences of this threat.
It is important to note that AAD can only work effectively in unison with the expertise of security professionals, and should not be relied on as a primary security solution.
How We Can Help
Microsoft Defender provides a wide range of functionalities placing it’s potential far beyond what is utilised by the majority of organisations. When effectively implemented and well-synergised, these products can offer an unparalleled level of cybersecurity protection, for businesses of any size.
We can help you ensure that you unlock the full potential of your investment. You wouldn’t buy a top of the range Apple Watch, just to tell the time. So why let capabilities you’ve already payed for go un-used.
As a Microsoft Gold Partner, we at Vital are ideally placed to help you:
- Understand your current Microsoft infrastructure.
- Identify opportunities for development.
- Unlock your investment’s potential.
- Secure the best Microsoft pricing.
For a no obligation review of your Microsoft cloud infrastructure get in touch here.
