Category Archives: BEC

Tackling the BEC Epidemic in a New Partnership with INTERPOL

In just a few short years, Business Email Compromise (BEC) has gone from a peripheral threat to a major cyber risk for organizations. It’s making criminal gangs millions of dollars each month, hitting corporate profits and reputation in the process. Trend Micro has built a formidable array of resources over the past few years to help protect our global customers from BEC. We also recognize that to combat cybercrime effectively, we have a duty to share these resources with law enforcement agencies wherever possible.

That’s why we’ve teamed up with INTERPOL in a new awareness-raising campaign set to launch in 59 participating countries around the world this month.

 BEC on the rise

Reported BEC attacks cost global firms nearly $1.3 billion in 2018, almost half of total cybercrime losses recorded by the FBI. The problem is getting worse. We detected a 58% increase in BEC attempts on customers in the first half of 2019 compared to the last six months of 2018. Some firms have been conned out of tens of millions of dollars. Among the list effected include Facebook ($99m) and Google ($23m), to name but a few.

Reports suggest BEC gangs are employing increasingly professionalized tactics, for example using commercial lead generation services to amass databases of tens of thousands of corporate executives to target. Victims need not be large enterprises either: BEC could affect SMBs, schools, non-profits — any organization that makes regular wire transfers.

It’s perhaps no surprise that BEC made such gangs over $300m each month in 2018 from US victims alone, according to the Treasury.

 Fighting back

At Trend Micro, we have developed multiple layers of protection to help insulate our customers from the worst effects of BEC. These include our AI-powered Writing Style DNA feature that learns the writing characteristics of your executives and sounds the alarm if it spots any emails deviating from the norm. We also make it a priority to collaborate with global law enforcement agencies to raise BEC awareness among global organizations.

INTERPOL’s new campaign will launch during the Europol-Interpol Cybercrime Conference on October 9-11 and feature a series of infographics posted across Twitter, Facebook and Instagram over the succeeding weeks. Each post will tackle a new area, including:

  • Which employees are typically targeted inside organizations
  • The role of malware and social engineering in attacks
  • Key prevention tips

Trend Micro will support the campaign by reposting the infographics and adding links to its own resources to further educate and raise awareness among possible BEC targets.

Hand-in-hand

This is the latest in a long line of collaborative efforts between Trend Micro and INTERPOL.

Back in 2014, we signed an three year agreement to support the body with additional knowledge, resources and tactics, which has been extended through March 2021. Since then, we helped to disrupt a major $60m BEC network in a swoop that led to the arrest of its leader. In another joint operation, Trend Micro helped to identify nearly 270 websites infected with malware and 8,800 C&C servers across eight countries, which were responsible for spreading malware and spam, and launching DDoS attacks.

It’s great to see law enforcement making inroads into cybercrime gangs. Some 281 BEC suspects were recently arrested in a global crackdown. However, we know these efforts are just scratching the surface. That’s why we will continue to provide both industry leading threat protection for our customers, as well as collaborate on awareness raising and law enforcement operations. Public-private partnerships of this sort are necessary in a world in which the bad guys are often more agile and willing to team up to achieve common goals.

The post Tackling the BEC Epidemic in a New Partnership with INTERPOL appeared first on .

BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI

The Federal Bureau of Investigation (FBI) found that business email compromise (BEC) scams cost victims a combined total of $26 billion in losses over a three-year period. On 10 September, the FBI’s Internet Crime Complaint Center (IC3) published a public service announcement in which it revealed that BEC scams had caused $26,201,775,589 in global losses. […]… Read More

The post BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI appeared first on The State of Security.

2019 Verizon Data Breach Investigations Report (DBIR) Key Takeaways

The 2019 Verizon Data Breach Investigations Report (DBIR) was released today, and I was lucky enough to be handed a hot off the press physical copy while at the Global Cyber Alliance Cyber Trends 2019 event at Mansion House, London. For me, the DBIR provides the most insightful view on the evolving threat landscape, and is the most valuable annual “state of the nation” report in the security industry.

Global Cyber Alliance Cyber Trends 2019

The DBIR has evolved since its initial release in 2008, when it was payment card data breach and Verizon breach investigations data focused. This year’s DBIR involved the analysis of 41,686 security incidents from 66 global data sources in addition to Verizon. The analysed findings are expertly presented over 77 pages, using simple charts supported by ‘plain English’ astute explanations, reason why then, the DBIR is one of the most quoted reports in presentations and within industry sales collateral.

DBIR 2019 Key Takeaways
      • Financial gain remains the most common motivate behind data breaches (71%)
      • 43% of breaches occurred at small businesses
      • A third (32%) of breaches involved phishing
      • The nation-state threat is increasing, with 23% of breaches by nation-state actors
      • More than half (56%) of data breaches took months or longer to discover
      • Ransomware remains a major threat, and is the second most common type of malware reported
      • Business executives are increasingly targeted with social engineering, attacks such as phishing\BEC
      • Crypto-mining malware accounts for less than 5% of data breaches, despite the publicity it didn’t make the top ten malware listed in the report
      • Espionage is a key motivation behind a quarter of data breaches
      • 60 million records breached due to misconfigured cloud service buckets
      • Continued reduction in payment card point of sale breaches
      • The hacktivist threat remains low, the increase of hacktivist attacks report in DBIR 2012 report appears to be a one-off spike