Matt Kiely, a Principal Security Researcher at Huntress, posits that the obsession within the security community over business email compromise (BEC) attacks is misguided. He emphasizes that focusing on more constructive topics instead of BEC is crucial in protecting small to medium-sized businesses (SMBs) and managed service providers from cyber threats.
Kiely highlights the fact that SMBs are particularly vulnerable to BEC attacks, with the FBI estimating BEC losses to be a staggering $50 billion globally. These attacks can have devastating consequences for businesses such as construction companies, barber shops, bakeries, and retail stores, potentially leading to financial ruin.
The problem with fixating on BEC itself is that detection at that point comes too late in the attack chain. Kiely notes that detecting the actual BEC attack is considered a failure, as it implies that earlier stages of the attack chain were missed. Likening BEC attacks to the “ransomware” of the cloud security world, he underscores the importance of identifying and preventing threat activity before the attack reaches its final phase.
One key area of focus is the detection of initial access by threat actors, particularly through methods like account takeover. By recognizing indicators of compromise at the early stages of an attack, businesses can proactively defend against BEC incidents. Kiely likens defending against BEC attacks to rerouting a train before it careens off a cliff, emphasizing the need for proactive intervention.
In discussing adversary tactics that result in account takeovers, Kiely outlines the risks posed by transparent proxy phishing, credential attacks like password spraying and brute forcing, and the use of VPNs for initial access. He stresses the importance of understanding these tactics in order to effectively deter BEC attacks from the outset.
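
To make the credential-attack patterns named above concrete, here is an added example (not code from Kiely or Huntress) that separates password spraying from brute forcing in sign-in records and flags a success from an attacking source. The event layout, thresholds, and the `classify` function are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, result).
# Not real log data; IPs are RFC 5737 documentation addresses.
SPRAYED = ["alice", "bob", "carol", "dan"]
EVENTS = (
    [(f"2024-05-01T09:00:{10 * i:02d}", "203.0.113.7", f"{u}@example.com", "fail")
     for i, u in enumerate(SPRAYED)]
    + [("2024-05-01T09:01:00", "203.0.113.7", "frank@example.com", "success")]
    + [(f"2024-05-01T10:00:{s:02d}", "198.51.100.23", "dave@example.com", "fail")
       for s in range(0, 60, 10)]
    + [("2024-05-01T11:00:00", "192.0.2.10", "erin@example.com", "fail"),
       ("2024-05-01T11:00:30", "192.0.2.10", "erin@example.com", "success")]
)

# Thresholds are assumptions for this example; tune them to the tenant's baseline.
WINDOW = timedelta(minutes=10)
SPRAY_ACCOUNTS = 4   # distinct accounts failed from one source
BRUTE_FAILS = 5      # failures against one account from one source

def classify(events):
    """Return {source_ip: set of findings} for credential-attack patterns."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        tags = set()
        for i, (start, _, _) in enumerate(rows):
            # Sliding window anchored at each event from this source.
            window = [r for r in rows[i:] if r[0] - start <= WINDOW]
            fails = defaultdict(int)
            for _, user, result in window:
                if result == "fail":
                    fails[user] += 1
            hits = set()
            if len(fails) >= SPRAY_ACCOUNTS:        # many accounts, few tries each
                hits.add("password_spray")
            if max(fails.values(), default=0) >= BRUTE_FAILS:  # one account, many tries
                hits.add("brute_force")
            # A success from a spraying or brute-forcing source is a likely
            # account takeover: triage it first.
            if hits and any(r[2] == "success" for r in window):
                hits.add("success_from_attacking_source")
            tags |= hits
        if tags:
            findings[ip] = tags
    return findings
```

A single mistyped password followed by a success, as in the third constructed source, produces no finding.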
By implementing robust detection and prevention measures at every stage of the attack chain, businesses can significantly reduce their vulnerability to BEC attacks. Kiely concludes that focusing on detecting and combating threats early in the attack cycle, particularly at the initial access stage, is crucial in safeguarding SMBs and managed service providers from the devastating impact of cybercrime.
In summary, as businesses continue to face evolving cyber threats, preemptive defense strategies and comprehensive threat detection become increasingly critical in protecting against BEC attacks. By shifting focus away from reactive approaches and toward proactive threat mitigation, organizations can better fortify their defenses and reduce the risks posed by cyber adversaries.

