
New Banking AitM Phishing and BEC Attacks


A recent report from Microsoft has revealed that banking and financial services institutions have become key targets for a new type of attack, known as adversary-in-the-middle (AitM) phishing and BEC (business email compromise). This has led to the reporting of over 21,000 cases and a staggering $2.7 billion in losses. The FBI has also noticed a sharp rise in business email fraud in recent times.

Cyber-criminals have employed several particularly concerning strategies in these attacks, most notably the use of high-tech means to bypass “impossible travel” alerts. These alerts are commonly used to detect and prevent abnormal login attempts and other suspicious account activity. By circumventing these security features, attackers aim to facilitate the monetization of Cybercrime-as-a-Service (CaaS).

The rise of AitM phishing is moving at an unbelievable pace. Attackers are using platforms such as BulletProftLink to orchestrate their malicious campaigns on an industrial scale.

BulletProftLink provides cybercriminals with a full suite of services, such as access to templates, hosting, and automated tools that are specifically designed to enhance BEC operations. With this growing use of Cybercrime-as-a-Service (CaaS), cyber-criminals can easily access victim credentials and the corresponding IP addresses. After executing the BEC scheme, threat actors engage residential IP services to obtain IP addresses that match the victim’s location.

By creating residential IP proxies, cyber-criminals can hide their true origin, giving them enhanced anonymity. Microsoft has observed the deployment of this tactic most frequently in Asia and an Eastern European nation where threat actors have been highly active.

“Impossible travel” alerts are used as an indicator of potential compromise of a user account. However, threat actors use the IP/proxy services that marketers and other research-focused individuals also use. This makes the scale of these attacks even harder to control.
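The detection gap described above, as an added example that is not taken from Microsoft's report or the original article: an impossible-travel check over sign-in records, run against a login that arrives from the victim's own city, alongside a secondary check for a network and device never seen for that account. The record fields, the speed threshold, the `new_network_and_device` rule and all sample sign-ins are assumptions constructed for illustration.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900  # assumed threshold: roughly airliner cruising speed

# Constructed sign-in records: (user, ISO time, lat, lon, ASN, device id)
SIGNINS = [
    ("alice", "2023-05-01T08:00:00", 44.79, 20.45, "AS64500", "dev-laptop-1"),   # Belgrade, usual
    ("alice", "2023-05-01T09:00:00", 1.35, 103.82, "AS64511", "dev-unknown-7"),  # Singapore, 1h later
    ("bob", "2023-05-01T08:00:00", 45.81, 15.98, "AS64501", "dev-laptop-2"),     # Zagreb, usual
    ("bob", "2023-05-01T08:30:00", 45.80, 15.97, "AS64502", "dev-unknown-9"),    # same city, new network and device
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def analyze(signins):
    """Return {user: set of alert names} for time-ordered sign-ins."""
    last, seen, alerts = {}, {}, {}
    for user, ts, lat, lon, asn, dev in signins:
        t = datetime.fromisoformat(ts)
        found = alerts.setdefault(user, set())
        if user in last:
            pt, plat, plon = last[user]
            hours = max((t - pt).total_seconds() / 3600, 1e-6)
            if km_between(plat, plon, lat, lon) / hours > MAX_KMH:
                found.add("impossible_travel")
            known_asns, known_devs = seen[user]
            # Secondary signal: location may be plausible, but network AND device are both new
            if asn not in known_asns and dev not in known_devs:
                found.add("new_network_and_device")
        nets, devs = seen.setdefault(user, (set(), set()))
        nets.add(asn)
        devs.add(dev)
        last[user] = (t, lat, lon)
    return alerts

if __name__ == "__main__":
    for user, found in analyze(SIGNINS).items():
        print(user, sorted(found))
```

The second sign-in for `bob` is geographically consistent with the first, so the travel-speed check stays silent and only the secondary signal fires.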

To facilitate phishing campaigns and acquire compromised credentials, cyber-criminals use phishing-as-a-service platforms such as Evil Proxy, Naked Pages, and Caffeine. The annual cost of BEC for organizations in terms of losses runs into hundreds of millions of dollars.

Executives, senior leaders, finance managers, and human resources staff are the top targets for BEC attackers. All forms of BEC attacks are seeing a surge in use, and the top trends include Lure, Payroll, Invoice, Gift card, and Business Information.

BEC attacks stand out among cyber-crimes for their specialized use of social engineering and their ability to deceive even the most experienced people. Researchers at Microsoft have offered several recommendations for businesses to enhance their security measures. These include maximizing the security settings that protect the inbox, establishing a robust authentication system, providing comprehensive training for identifying warning signs, implementing an effective security system, utilizing a well-established and secure email solution, restricting unauthorized lateral movement, implementing a protected payment platform, and verifying financial transactions with a phone call as a reliable method.

In conclusion, banking and financial service institutions should take reasonable measures to ensure that their infrastructure is safe and secure from cyber-attacks. With attackers using sophisticated methods to breach security systems, it has become crucial for businesses to implement a multi-layered approach to handle the rising menace of AitM phishing and BEC.
