Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    IBM Discovers Business Email Compromise Attack Tied to $5M in Loses

    By
    Sean Michael Kerner
    -
    February 22, 2018
    Share
    Facebook
    Twitter
    Linkedin
      IBM Business Email Compromise

      IBM reported on Feb. 21 that its’ X-Force Incident Response and Intelligence Services (IRIS) unit discovered a large Business Email Compromise (BEC) attack that is responsible for approximately $5 million in losses.

      According IBM X-Force IRIS, the attack is likely based out of Nigeria and has successfully targeted Fortune 500 companies. Though the source of the attack appears to be from Nigeria, IBM cautions that the new BEC campaign is unlike the so-called “Nigerian Prince” email scams that first appeared in the late 1990’s.

      “While the infamous Nigerian prince email scams that have been around for decades are widely distributed at random, this campaign is extremely targeted and sophisticated, using multiple layers of social engineering tactics to evade suspicion,” Alexandrea Berninger, Security Intelligence Analyst at IBM X-Force IRIS, told eWEEK. “This Business Email Compromise attack is targeting accounts payable employees at Fortune 500 organizations and successfully stealing millions of dollars.”

       

      Business Email Compromise (BEC) attacks aim to trick users into paying fraudulent invoices. In May 2017, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), reported that BEC scams have led to $5.3 billion in financial loses globally since October 2013.

      Berninger explained that the new Nigerian-based BEC attack was discovered by IBM X-Force IRIS Incident Responders who investigated multiple incidents involving compromised companies. She noted that some companies confirmed they received phishing messages or they identified emails from attackers attempting to impersonate personnel, while in other cases, companies reached out to IBM after the fraud had already occurred.

      As part of the BEC campaign, the attackers were able to obtain known contacts from a target employee’s email address book in order to appear as a legitimate request. Berninger said that the BEC attackers accessed the known contacts from within the employee’s email account and sent emails directly from the victim’s email.

      “Since the user’s (Microsoft) Office 365 accounts were not protected with Multi-Factor Authentication (MFA), the attacker used compromised email and password sets to directly access a victim’s email account through the web-based email service,” Berninger said.

      To hide their tracks, the BEC attackers created email rules to keep the compromised account owners in the dark as to what was truly going on with their accounts. Berninger said that the attackers also created email inbox rules configured to auto-forward messages to an attacker-controlled account, so they could monitor a user’s inbox without logging into it. Going a step further, the BEC attackers made use of spoofed DocuSign login pages to get victims to pay fraudulent invoices. DocuSign is a widely used electronic signature technology that is often used alongside payment services.

      “During our research we discovered that fraudulent DocuSign login pages were hosted on both legitimate (i.e. compromised websites) and malicious attacker-controlled websites masquerading as legitimate websites,” Berninger said.

      DMARC Sometimes Helps Limit Risks

      The use of Domain-Based Message Authentication (DMARC) is recommended as a way to help limit the risks of BEC attacks. DMARC provides integrity checks for email to make sure that it is coming from an authorized domain.

      However, with the Nigerian BEC campaign uncovered by IBM X-Force IRIS, Berninger noted that DMARC wouldn’t have made a difference.

      “While we do not have information to confirm whether they were using DMARC, we assess that if they had been using DMARC, the BEC campaign still could have worked, because the attackers were sending emails from within the compromised users email account,” she said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×