Increased BEC Attacks

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. The FBI’s Internet Crime Complaint Center (IC3) reports that Business Email Compromise (BEC) schemes within the U.S rose to nearly $2.4 billion in 2021, up 33% from the previous year and up tenfold since 2015.

These attacks typically begin with a security breach of some sort – an unpatched system, an unaddressed vulnerability, or a phishing email that someone clicks on. Once the perpetrators are inside, they then rely on spoofing emails that impersonate executives, financial personnel, CEO, vendors, or partners. The goal is to request what appears to be legitimate business payments from authentic-looking emails from a known authority figure. Done well, employees comply without thinking and transfer large sums of money to an untraceable account.

Example: The CEO is in Asia working on the latter stages of an acquisition. A BEC scam might involve sending legitimate-looking emails from actual corporate email addresses (or addresses that look similar to legitimate email accounts). These messages give authorization to transfer funds NOW to a certain bank account. But it isn’t always money. Sometimes the goal is to steal an employee’s personally identifiable information, or wage, financial, or tax forms.

Nail Salon Scammer

The owner of a nail salon in California scored big with BEC by tricking a public school district in Michigan into wiring its monthly health insurance payment to its bank account. $2.8 million was stolen. Banks managed to recall about half of it.

Investigators discovered that a hacked HR identity began the event. By masquerading as the HR staffer, the person convinced the finance department to send the money to a new account. But the plot thickens in this case. The nail salon owner claimed someone in Europe convinced him to accept the funds and forward them to other accounts. The FBI countered that this is a ruse to escape conviction.

In other examples, major deals have been hijacked by scammers. A U.S. nonprofit was fooled into sending an approved grant for $650,000 to a fake account. Again, email phishing was the culprit. The email of someone in accounts was taken over by a thief, and wire details were changed at the last minute. The money went to an account in Texas and was moved on from there. Law enforcement actions to date have failed to locate the money or bring the perpetrators to justice.

Further BEC tactics utilize “deep fake” audio and video messages generated by artificial intelligence that pretend to be from executives, enticing subordinates to sending funds.

In many cases, criminals hack into corporate systems months before, using known but unmitigated vulnerabilities. They then sit tight, quietly monitor traffic, and note the best opportunity. As a deal is unfolding, they take control of an email account, send an urgent request to someone in finance, and divert the funds to the wrong destination. By the time the scam is suspected, typically the next day, the money has disappeared.

Even the federal government can fall for such tricks. The U.S. State Department was another recent target. $200,000 allocated to farmers in Tunisia was redirected to who knows where.

What to Do to Prevent BEC Attacks

To prevent this happening to you or your organization, employee education is vital, particularly about phishing and other social engineering trickery. Multi-factor authentication is another important element.

Specific to BEC, warning signs include sudden urgency injected into financial transfers, requests to use new accounts, or email addresses and domains that are almost, but not quite right. Scammers often set up fake websites and email addresses that look genuine until you look more carefully. Where money or major changes are involved, always verify using another communication method than email.

The Power of Syxsense

And back up these sensible actions with comprehensive Unified Security & Endpoint Management (USEM) protection. Syxsense Enterprise can detect and remediate breaches automatically. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread.

It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

The Question of Security

With compute environments being so distributed and so cloud oriented, confusion is inevitable, particularly on the security side. Within organizations, applications and data are split between on-premises systems and the cloud. Not just one cloud. Many organizations operate multiple clouds or subscribe to services from a great many providers.

And then there is the software and services supply chain. It is no longer usual for one provider to take care of everything. A great many vendors are typically involved in various workflows and systems. Providers like Kaseya and SolarWinds, for example, provide underlying systems that other software relies upon. Remote monitoring and management systems like these are used by countless enterprises and vendors as part of their external or internal offerings.

Managed service providers (MSPs), too, rely on such applications to take care of software delivery and general remote operation. This enables them to focus on their core competencies such as backup, security, or CRM. Even internally within organizations, there tends to be a reliance on a variety of systems to be able to remote into employee devices, deliver updates, and more.

Bottom line: This labyrinth is so pervasive that it is very hard to keep track of who is exactly doing what. And who is responsible for which functions.

Cloud Insecurity

This is bad enough on general IT management. But when it comes to security, the repercussions can be disastrous. The lines of demarcation on security duties must be well known.

This problem has already come to head following some well publicized cloud breaches. Some enterprises blamed their cloud providers for attacks, only to be quoted the fine print about what the cloud provide was actually responsible for. Yes, they secure their own clouds. Yes, they provide a series of cloud features. And yes, they promote these in ways that may make it seem that they cover all aspects of security. But they don’t.

The user is usually responsible for the integrity of the files being sent to the cloud i.e., ensuring no malware lurks inside. Further, some cloud providers hold the user organization responsible for encryption of files being sent to the cloud.

In other words, the delineation of duties isn’t always clear. Hence, someone in IT might be asked, “who is securing our systems and our data?” And the response might be, “I thought the cloud provider was doing that.”

Cybercriminals Taking Advantage

The software and IT services supply chain now sprawls across all corners of the web. And the cybercriminals are capitalizing on the grey areas between providers and client organizations to find zones that “fall between chairs.” Each party thinks the other one is taking care of that security function. The Kaseya and SolarWinds hacks were only the beginning. They showed the bad guys that it was far smarter to hack one company and have its supply chain network distribute that software to large numbers of organizations.

No wonder supply chain breaches are exploding. An NCC Group paper found that cyberattacks on supply chains increased by 51% between July and December 2021, based on a survey of 1,400 cybersecurity decision-makers at organizations with over 500 employees in 11 countries. 36% believe they’re more responsible for preventing, detecting, and resolving supply chain attacks than their suppliers.

However, 53% say both their company and its suppliers are equally responsible for the security of supply chains. Nearly half say they don’t stipulate security standards for their suppliers, and a third don’t regularly monitor and risk assess their suppliers’ cybersecurity arrangements.

As more supply chain breaches happen, though, awareness of this problem area is rising. More companies are recognizing supplier risk as a key challenge. They plan to increase security budgets by an average of 10% this year.

Take Charge of Your Own IT Security

Anyone utilizing the cloud is advised to carefully weed out any ideas within the IT ranks that someone else takes care of cloud security duties. It is up to IT to secure its own systems, data, devices, and identities. And to define exactly what providers do and don’t do with regard to security. Assume it is NOT secured unless you have a guarantee in writing from the provider. Be tenacious in hunting down the facts about the division of duties.

Syxsense provides SaaS and MSP-based security services that automatically take care of functions such as endpoint management, mobile device management, patch management, vulnerability scanning, and remediation.

To take one example: In patch management, Syxsense guarantees to test and critical patches within four hours of their release. It automatically deploys patches based on a priority system to safeguard all organizational systems and devices by providing the correct updates and patches.

What’s Coming for Endpoint Security?

Gartner recently completed an in-depth review of the entire endpoint security landscape. The analyst firm delved into every facet of endpoint security to determine which technologies were rising, which were being eclipsed by more modern approaches, and what the future holds.

Researchers pointed to unified endpoint security (UES) and unified endpoint management (UEM) as being among the major waves of the security future. While these technologies are still evolving they are rising rapidly in adoption as more and more vendors manage to unite their various endpoint offerings under one fully integrated umbrella.

Traditional Endpoint Detection and Response (EDR)

Traditional endpoint detection and response (EDR) systems have become a popular way to protect enterprise endpoints from attacks and breaches, and as a means of achieving secure remote access. Some vendors are adding to EDR capabilities via extended detection and response (XDR) suites.

What is the difference? EDR focuses on protecting endpoints only. XDR takes a wider view. It integrates security across endpoints, cloud computing, email, and other areas. This is particularly important in light of the larger trend of more and more people working from home. XDR offers a broader zone of protection.

Gartner notes that endpoint security innovators have been focusing on better and more automated prevention, detection, and remediation of threats. One of the goals is to protect endpoints while enabling access from any device to any application over any network and with a good user experience in terms of performance and low latency.

Vendors are introducing, for example, UES and UEM suites that combine elements of EDR, endpoint protection platforms (EPP), and mobile threat defense (MTD) into one integrated toolset. UES suites focus on endpoint security and provide some management features. UEM, on the other hand, stresses management and typically includes good security functionality, too.

What’s changing?

The lines are blurring. These products can secure workstations, smartphones, and tablets and manage it all from a single console. They offer a way for businesses to achieve some degree of vendor consolidation, at least on security. Instead of having one vendor for patch management, another for EDR, another for mobile device management, and others for MTD, EPP, and other functions, it can all be rolled into one consolidated system.

According to Rob Smith, an analyst at Gartner, UES offers plenty of benefits and is now on the radar for up to 20% of its target market.

“Unified endpoint security brings together endpoint and protection, as well as MTD under a unified platform, with tight links to endpoint management infrastructure for end user facing devices, such as Windows 10, macOS, iOS, Android and — in some cases — also extending to Linux and Chrome OS,” said Smith. “UES has the potential to be a single best-of-breed solution for all endpoint security, provided that the unified product’s cross-device data analytics is strong.”

He recommends that organizations evaluate UES adoption based on three goals:

• Extend detection and response beyond the laptop and desktop to mobile devices.
• Unify endpoint security and management workflows from a single console.
• Allow for complex, posture-based policy application along with supporting technology like secure remote access.

Organizations, therefore, should harness tools such as UES and UEM to consolidate all endpoint security onto a single suite to lower support costs and improve threat prevention and detection, and incident response.

The Power of Syxsense

Syxsense Enterprise bring the best of UEM and UES together. It is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.

This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread.

Syxsense Enterprise can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

The Rise of Ransomware

Ransomware has been in the headlines for a couple of years now. One day, stories will be written that explain how the ransomware epidemic is now over. That day has not arrived.

Yet with all the media coverage ransomware attacks constantly attract, it would be reasonable to assume that its effectiveness and impact would lessen due to greater overall awareness of the problem. The opposite appears to be true, according to a new study by Enterprise Strategy Group (ESG). Gaps in readiness continue to make it difficult for many organizations to manage and recover from attacks.

Here are some of the statistics uncovered by ESG: 73% of organizations that experienced a ransomware attack in the past 12 months were negatively impacted. i.e., three quarters didn’t deal with it well.

Even in those organizations with big security budgets and mature security processes in place, 75% suffered significant operational disruption. These numbers call into question how organizations are defending themselves against ransomware via effective detection, prevention, mitigation, and recovery.

Bargaining with the Devil

Blackmail is one of those crimes that just won’t go away. If the victim pays, it is rare that the perpetrator doesn’t return again and again to extort yet more money. It is the same with ransomware.

According to ESG, 61% of those who paid a ransom were subjected to further extortion attempts resulting in extra payments being made on top of initial sums. The FBI’s warning never to pay a ransom clearly makes sense. You are striking a bargain with devil but paying a ransom. Yes, they said they would leave you alone, but:

1. They usually want more money within a short time
2. They often leave some malware inside your systems even when they provide you with decryption keys.

Among those meeting ransom demands, only 14% said they retrieved all their lost data. The only guarantee there is when paying a ransom is that more trouble from the same cybercriminals lies just over the horizon.

IT Skills Gap

Part of the reason why ransomware remains so potent is the difficulties organizations are experiencing with IT staffing. Many organizations just don’t have trained staff knowledgeable enough to effectively address the ransomware scourge. According to ESG, 45% admit to struggling to acquire or retain the skills needed to respond to ransomware breaches.

“Unfortunately, many organizations remain seriously under-prepared to effectively mitigate against the risks and impact of ransomware attacks,” said Christophe Bertrand, practice director at ESG. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned. Instead, leaders should be focusing on ransomware strategies that emphasize effective, rapid, and complete recovery.”

Finding The Right Kind of Help

With ransomware attacks growing in volume and severity and paying the ransom no longer a guarantee of recovering your data, organizations need all the help they can get in dealing with this ever-present danger.

Syxsense Enterprise provides comprehensive defense against ransomware that encompasses prevention methods, detection, and remedial action. It is the world’s first IT management and Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment.

This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates.

IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

The Issue of “Overclouding”

The scope of some cities in Asia boggles the mind. There are places in China you never heard of that are already bigger than Los Angeles, New York, or London. Seoul, Manila, Shanghai, and Delhi all have at least 25 million people in their metropolitan sphere. Tokyo metro is up to more than 37 million. Jakarta and Delhi are rapidly catching up. One of them may soon take over as the largest urban center in the world.

There are a great many advantages to urban living. Everything is close to hand, labor is available, and economies of scale can be generated. But if you have ever driven in any of these Asian cities or in LA, New York, Houston, or London for that matter, you will have been shocked by the volume of traffic. These cities are crowded. Commutes are long. Freeways are jammed. Gridlock is the norm. Crime tends to soar in dense urban settings.

The cloud is heading in a similar direction. Laura DiDio, an IT and security analyst at ITIC, notes that that the cloud is getting crowded. Public and hybrid cloud markets are hotter and more competitive than ever. 2022 will see $1.3 trillion in cloud spending, rising to $1.8 trillion by 2025 according to Gartner, outpacing non-cloud IT spending. DiDio predicts that hybrid cloud adoption will accelerate in the coming years. Thus, IT systems will continue to be split between internal and increasingly dispersed external cloud components.

The Issue of IT Security

That poses a big problem of security. ITIC’s 2022 Global Server Hardware Security survey found that businesses suffered an 84% surge in security incidents like ransomware, email phishing scams, and targeted data breaches over the last two years. Each successful breach has a financial cost of $4.24 million, according to the Ponemon Institute. The price tag has risen by 20% in the past two years. The problem has only gotten worse as organizations deploy more cloud services across multiple clouds and as they try to support a vast network of mobile and work-from-home employees.

Overclouding Multiplies Risk

More than half of all business malware is aimed at work-from-home employees using cloud applications. Like a modern, rapidly expanding and gridlocked city, “overclouding” greatly increases the risk of a security incident.

Inside many enterprises, IT struggles to stay on top of the scope and extent of the organization’s overall cloud footprint. Never mind staying in control; some IT departments have no idea how many cloud applications are being run from various parts of the enterprise.

With cloud apps being so accessible and traditional IT procurement practices being so time consuming, cumbersome, and bogged down in red tape, line of business heads have been taking matters into their own hands. They are signing up for SaaS, and other as-a-Service options in record numbers. This is a nightmare for security vendors. How can you track, monitor, and safeguard systems and applications if you are not even aware they are running, and don’t know on how many devices?

Relieving City Congestion

Massively congested cities like Jakarta and Cairo have come up with a novel solution to the overcrowding problem. They are building new capital cities. Egypt, for example, is close to completing its new administrative capital about 45 km east of Cairo to ease congestion and make it easier to conduct the business of government. Traffic was so bad that government meetings often failed to materialize. The new capital should solve that problem and make the administration of government smoother.

IT doesn’t have that option. Until a new, wholly secure internet is invented, security issues are a fact of life. Risk and threat lurk in every email, webpage, or connection to the cloud. The best approach is to up your security game.

The Syxsense Advantage

Syxsense Enterprise is the world’s first IT management and Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment. This represents the future of threat prevention.

Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates.

IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.