Business Email Compromise Scams Evolve, Cost Billions

Business email compromise (BEC) scams have become a major concern for companies worldwide, with the FBI reporting that these attacks have cost businesses over $43 billion globally between 2016 and 2022. Unlike traditional phishing attacks that rely on malware or infected attachments, BEC scams use social engineering tactics to trick victims into wiring money or handing over sensitive data.

According to experts, BEC attackers do their homework, studying the target company's accounts payable workflow, scraping LinkedIn profiles, and spoofing vendor domains to create convincing emails that appear to come from trusted suppliers or executives. These emails are often well-crafted and may even be inserted into existing email conversations, making them difficult to detect.

One of the latest threats in the BEC landscape is the Lazarus Group, a North Korean threat group that has been using a new type of ransomware called Medusa. In addition to Medusa, the group has also leveraged other tools, including the Comebacker backdoor, Blindingcan RAT, and info stealer Infohook, in its recent attacks.

So, how can companies prevent BEC scams? The key is to be aware of the red flags. These may include sudden requests for payments or changes to payment instructions, emails that appear to come from executives or suppliers but have slight variations in the sender's email address, or requests for sensitive information or login credentials.

To prevent BEC scams, companies should implement a combination of technical and non-technical controls. These may include:

• Verifying the authenticity of emails, especially those that request payments or sensitive information
• Implementing two-factor authentication for email and other critical systems
• Conducting regular security awareness training for employees
• Monitoring email traffic for suspicious activity
• Implementing a robust incident response plan in case of a BEC attack

In addition, companies should also be aware of the tactics used by BEC attackers, including the use of social engineering tactics to create a sense of urgency or trust. By being aware of these tactics and taking steps to prevent BEC scams, companies can reduce the risk of falling victim to these costly attacks.

In the case of the Lazarus Group's Medusa ransomware, companies should be on high alert for any suspicious activity related to this malware. This may include monitoring for unusual network activity, implementing robust backup and disaster recovery procedures, and having a plan in place for responding to a ransomware attack.

In conclusion, BEC scams are a major concern for companies worldwide, with the potential to cost billions of dollars in losses. By being aware of the red flags and taking steps to prevent these scams, companies can reduce the risk of falling victim to these attacks. Staying vigilant and up-to-date on the latest threats, including the Lazarus Group's Medusa ransomware, is critical in the fight against BEC scams.

Sources:

• "How to prevent business email compromise"
• "Know the red flags: Business email compromise signs to look out for"
• "Lazarus Group Picks a New Poison: Medusa Ransomware"