As online dangers keep changing, one type of attack stands out for how it plays on people's minds: business email scams. These scams rely heavily on deceiving people rather than hacking into systems, which shows how important it is to recognise and protect against deception in today's online world.
“Business email compromise (BEC) attacks are one type of attack particularly adept at manipulating human behaviour”, says cybersecurity expert and J2 Software CEO John Mc Loughlin. “These schemes heavily exploit social engineering tactics, emphasising the need to grasp and counteract the skillful use of deception.
Social engineering, present in 90% of phishing attacks today, is the cornerstone of BEC attacks. These schemes exploit human vulnerabilities, leveraging urgency, emotional manipulation, and familiarity to trick individuals into divulging sensitive information or performing unauthorized actions.
Understanding common social engineering tactics and the threat groups behind them is crucial for businesses seeking to fortify their defences against BEC attacks”.
Exposing threat actor groups
Diamond Sleet: Notorious for its software supply chain attack on JetBrains, Diamond Sleet poses a significant threat to organisations. By infiltrating build environments, this group jeopardises the integrity of software development processes, warranting heightened vigilance from affected entities.
Sangria Tempest (FIN): Sangria Tempest specialises in targeting the restaurant industry, employing elaborate lures such as false food poisoning accusations to steal payment card data. Leveraging underground forums for recruitment and training, this Eastern European group has orchestrated numerous successful attacks, compromising millions of payment card records.
Octo Tempest: This group, driven by financial motives, employs sophisticated adversary-in-the-middle (AiTM) and social engineering tactics. Initially targeting mobile telecommunications and business process outsourcing firms, Octo Tempest later partnered with ALPHV/BlackCat to amplify its impact through ransomware operations.
Midnight Blizzard: Operating primarily out of Russia, Midnight Blizzard targets governments, diplomatic entities, NGOs, and IT service providers across the US and Europe. Utilising Teams messages as lures, this group aims to steal credentials by engaging users in multifactor authentication (MFA) prompts.
Safeguarding against social engineering fraud
Protecting against social engineering fraud requires a multifaceted approach. Firstly, maintain separation of personal and work accounts. By keeping personal and work accounts separate, individuals can mitigate the risk of attackers exploiting personal information to impersonate trusted entities and gain access to corporate data.
It is critical to implement Multi-Factor Authentication (MFA). While MFA adds an extra layer of security, businesses should be vigilant against emerging threats like SIM swapping. Linking MFA to authentication apps rather than phone numbers can mitigate this risk.
“Educating users on the dangers of oversharing personal information online is also extremely important. Limiting the availability of personal details reduces the effectiveness of social engineering tactics that rely on establishing trust”, says Mc Loughlin. “Businesses must deploy robust endpoint security, firewalls and email filters to safeguard against phishing attempts and other malicious activities. These defences serve as critical barriers against intrusions and data breaches.
By staying informed about ongoing threat intelligence and maintaining up-to-date defences, businesses can effectively thwart the increasingly sophisticated tactics employed by social engineering threat actors. Proactive measures are essential in safeguarding against the pervasive threat of social engineering fraud.”