
Proofpoint study: Email attacks on CEOs are increasing sharply

Proofpoint, Inc., one of the world’s foremost Next-Generation Cybersecurity companies, has launched a study on the development of Business Email Compromise attacks (BEC, also known as CEO fraud), based on extensive research into attacks on more than 5,000 business customers.

The attacks are becoming more sophisticated and occur at shorter intervals. Within three months (October to December 2016) they increased by 45 percent. A Proofpoint-enhanced “Web Discover Module” from Digital Risk Defense and protection with “Email Fraud Defense”, which enables Proofpoint customers to authenticate their emails, are designed to counter the fast-growing threat. The Web Discover module helps customers identify similar-looking, dubious domains registered by third parties. Many attackers use this similarity in the domain name to deceive potential victims.

Common traps

In a BEC attack, the attacker assumes the identity of a manager of a company and sends an email to the employees, for example with the instruction to urgently send money or important company information. Proofpoint is currently the only vendor on the market that protects its customers from all forms of attack via CEO fraud.

Security measures

“Three out of four of our customers have been attacked by BEC in the last three months of 2016”, said Ryan Kalember, Proofpoint’s Senior Vice President of Cybersecurity Strategy. “The attacker has to be successful only with one victim in order to inflict great damage. This shows that purely static rules are not enough to protect against cybercriminals. In addition, they permanently change the text of their fraudulent emails. In order to protect themselves, companies must therefore take a whole series of measures in order not to be harmed. These include, among other things, systems for detecting attacks, authentication of communications and data backup.”

The most important facts of the study

  • Attacks based on CEO fraud increased by 45 percent. Two thirds of all attackers could conceal their origin, so the mail looked as if it came from their victim’s own company (spoofing).
  • The cybercriminals attack companies regardless of their size. However, larger organizations are more attractive to attackers.
  • The manufacturing, retail and technology sectors are attacked more frequently and more regularly. The online fraudsters try to exploit the more complex supply chains and SaaS infrastructures of these industries.
  • Although the CEO is still being faked as the sender of these mails, the mails are increasingly directed at other decision-makers within the organization: for example, at accounting for fast transfers, at personnel departments for sensitive employee data, or at research and development departments to gain access to intellectual property.
  • Almost three thirds of all BEC mails contain terms such as “Urgent”, “Payment” or “Request” in the subject line.

Solutions for BEC

Proofpoint’s Email Fraud Defense solution protects organizations from spoofing through email authentication. For this purpose, Proofpoint uses a DMARC reporting interface (Domain-based Message Authentication, Reporting and Conformance) in combination with the recommendations of the most qualified experts in the field of authentication. The BEC solution includes dynamic and rule-based classification through Proofpoint Email Protection, protection against data loss with Proofpoint Email DLP, and proactive detection of similar domains with Proofpoint Digital Risk Defense.

This article is partially based on a press release from Proofpoint, Inc., April 2017.
