By Caesar Tonkin, Managing Director, Armata Cyber Security
Cyber security experts know, more than most people, just how much damage opening up a harmful email that was sent with ill intent can do to an organisation.
Business Email Compromise (BEC) is a sophisticated form of cybercrime that targets organisations, manipulating unsuspecting employees to transfer funds, disclose sensitive information, or perform other unauthorised actions. To safeguard your business and its stakeholders from financial and reputational damage, it is crucial to understand BEC and its tactics, and implement robust preventative measures.
Business email compromise involves cybercriminals masquerading as trusted entities, often high-ranking executives or clients, to deceive employees into taking detrimental actions. The perpetrators exploit human vulnerabilities, relying on social engineering techniques to persuade employees to make EFT transfers, reveal login credentials, or provide sensitive information. The success of BEC attacks often hinges on the element of surprise, the manipulation of trust, and the absence of proper security protocols within organisations.
South Africa remains the most targeted African country in terms of ransomware and business email compromise. Across Africa, cybercriminal activity around business email compromise is increasing, in terms of both the volume of the attacks and their impact.
This development reflects global trends: between April 2022 and April 2023, Microsoft detected and investigated 35 million BEC attempts, which corresponds to about 156,000 attempted attacks every day. Meanwhile, the global financial impact of BEC is reported to have grown since 2013 to exceed USD 50 billion in 2023.
When Opening an Email is Unsafe
The use of a phishing campaign by threat actors, whereby fraudulent emails with malicious attachments are sent to unsuspecting recipients, involves the use of tactics specifically designed to exploit human error and vulnerabilities in systems to gain initial access. And with 95% of cyber attacks originating from email, the requirement for email security is critical for all members of an organisation.
Image: Mohamed Hassan, Pixabay
Today, malicious email attachments, which are designed to launch an attack on the victim’s computer when the attachment is opened, are an increasingly dangerous threat to corporate security – with the potential for nation state attacks as an extreme variation.
They can be disguised as documents, voicemails, e-faxes or PDFs, and used by the threat actor to install viruses on a computer, set up ransomware attacks or launch advanced persistent threats (APTs).
Protection is therefore a non-negotiable for employees working online, as they share confidential data with customers and partners, and make use of file-sharing services or other unsanctioned applications.
Growth in BEC Attacks in South Africa
BEC scams have been on the rise locally, targeting both large corporations and small businesses. Attackers typically impersonate executives or trusted partners to deceive employees into transferring funds or divulging sensitive information.
Here are some notable instances and trends related to BEC attacks in South Africa:
- Sasol Attack (2019): One of the prominent cases involved Sasol, a large local energy and chemical company, which was targeted by a BEC scam that resulted in significant financial losses. Attackers managed to spoof emails from senior executives, instructing employees to transfer large sums of money to fraudulent accounts.
- Liberty Holdings (2018): Another notable incident involved Liberty Holdings, a major financial services group. Although primarily a data breach, the attackers leveraged compromised email accounts to initiate a BEC scam, attempting to extort the company for a ransom.
- Government Sector Attacks: Various government departments have also fallen victim to BEC attacks. For example, the Department of Water and Sanitation in South Africa reported incidents where attackers used fake email accounts to solicit fraudulent payments from contractors.
- Small and Medium Enterprises (SMEs): SMEs in South Africa have increasingly become targets due to perceived weaker cybersecurity measures. Many small businesses have reported incidents of fraudulent invoicing and payment redirection scams initiated through compromised email accounts.
- Supreme Court of Appeal Landmark Ruling: The Supreme Court of Appeal has ruled that a law firm is not liable to pay a client money stolen by fraudsters who manipulated emails sent from the firm. In a landmark local ruling, the Supreme Court of Appeal overturned a high court ruling which had found previously that leading law firm ENSafrica was liable to pay a woman R5.5-million stolen by fraudsters who manipulated e-mails sent from the firm. In a unanimous decision, the appeal court said the liability finding by the high court judge in the case would have “profound implications”, not just for the attorney’s profession, but all creditors who send their bank details by e-mail to their debtors.
Global BEC Attacks
Recent examples of phishing attacks making global news include the following:
- Italy’s Grendi Group, a shipping, transportation and logistics company that has been in operation for nearly 200 years – since 1828 – recently reported a cyber-attack on its IT systems stemming from a malicious email attachment.
- A wave of ‘StrelaStealer’ email credential stealer campaigns has affected more than 100 organisations across the European Union and the United States. The spam emails contain attachments that launch malware, which steals email login data. Once the threat actor gains access to the victim’s login details, they can use it for further attacks. To bypass detection, attackers change the initial email attachment file format from one campaign to the next, making it difficult for analysts and security tools to detect the malware.
- S. telecommunications company Frontier experienced a serious data security breach that compromised the personal information of over 750,000 clients. The company confirmed that a security incident resulted in the unauthorised disclosure of full names and Social Security numbers, apparently from ransomware group RansomHub, which is known to use fraudulent email attachments in its modus operandi.
- Impersonation scams are on the rise, and hackers are finding tremendous success in exploiting legitimate brands. Whether it’s spoofing the brand or sending phishing emails directly from the service, anything that looks like a trusted brand is more likely to land in the user’s inbox and more likely to be acted upon.
- Manufacturing Most-Targeted US Industry in BEC Attacks: The US manufacturing market has seen 63% more BEC investigations than any other industry, coming in ahead of healthcare, education, business services, insurance, and technology, among others. This is as reflected by 2023 statistics, as outlined here.
As phishing attacks continue to evolve and become more sophisticated, it is essential for people and organisations to stay vigilant – no one is immune.
Safety Assured with Armata and Mimecast
Protecting against malicious email attachments requires advanced threat protection over and above the standard security measures designed to protect email systems. Armata Cyber Security has partnered with Mimecast to provide a highly effective defence against malicious email attacks.
Mimecast provides cloud-based services designed to simplify email risk management, heighten email security and improve cyber resilience. Built on a massively scalable cloud platform, Mimecast’s fully integrated subscription service enables organisations to reduce the cost and complexity of protecting email and making it safe and available for business.
Mimecast’s email security services include tools for virus, malware and spam protection as well as secure messaging, insider threat detection and sending large file attachments. Mimecast’s end-user empowerment services also provide training and tools that can help employees better spot malicious email attachments, dangerous URLs or an insider threat.
The Mimecast Email Security solution is backed by nearly two decades of continuous enhancement and practical applications, trusted by tens of thousands of customers and millions of users globally.
The email security provided by Armata and Mimecast protects against inbound and outbound email-borne threats. This includes malware, spam, phishing, DHA and DDoS attacks, deliberate or accidental data leaks, outages, and social engineering attacks. Armata offers Email Security to the market as a service, with all the support required to assist organisations in maintaining their security on a 100% available platform.