Business email compromise (BEC) is a widespread and costly type of cyber attack that has surged in recent years. In this regular, bite-sized series, we look at the scale of the problem, the rapid rise in account takeover attacks on the Microsoft 365 platform, how investigations of these attacks are changing, and what all of this means to businesses, their cyber insurers and their legal representatives.
The next article in this series is Easy prey: BEC fraud at an industrial scale.
A damaging form of cybercrime
How does it work?
Pivoting to the cloud
The COVID-19 pandemic has presented cyber criminals with new opportunities for carrying out BEC fraud. Take, for example, the FBI’s warning in mid-April that scammers were using familiar BEC techniques in the context of the procurement of personal protective equipment and medical equipment. But more significantly, the unprecedented move to remote working driven by the COVID-19 pandemic has created a greater reliance than ever on cloud services, accelerating a trend that was already well advanced. As businesses have migrated from on-premises email to cloud platforms, there has been a significant change in the behaviour of threat actors.
Microsoft 365 (previously known as Office 365) is the target of the vast majority of account takeover attacks. But why are threat actors singling it out? First, it’s a very popular platform – a 2019 report calculated an adoption rate of 79%, based on a sample of approximately 138,000 companies. That presents criminal groups with a seemingly never-ending list of potential victims to target. Second, it has become a very lucrative target to the discerning cyber criminal because many organisations aren’t getting the cyber security basics right, which we’ll cover in detail in a future article.
Coming up next
In the next part of this series, we explore why every organisation with a presence on Microsoft 365 should care about account takeover attempts. We’ll run through some of the most shocking statistics, including the fact that every month 0.5% of Microsoft 365’s enterprise accounts are compromised.
Find out more
Asceris’ business email compromise investigations combine the hands-on experience of our incident response specialists with our custom-built technology, enabling our customers and their insurers to respond quickly and with confidence. Our services leverage extensive automation, advanced analytics, automatic risk scoring, best in class IP address geolocation, external data feeds and intuitive reports, enabling us to uncover evidence rapidly from a wide range of data sources.
If you are the target of an active business email compromise attack, please request emergency assistance immediately.
Asceris offers a proactive risk assessment for Microsoft 365 environments to our cyber insurance partners and their customers. Our report presents environment-level risks and user-level risks that are based on our experience of responding to Microsoft 365 business email compromise incidents.
To find out more about any of our services, please contact us. To start a conversation or to report any errors or omissions, please feel free to contact the author directly.
Our mission at Asceris is to reduce the financial and business impact of cyber incidents and other adverse events. By understanding the cost drivers of claims and addressing these proactively through automation and continuous process refinement, we are able to deliver high quality incident response services in close collaboration with our industry partners.