cyber threat 2018 business email compromise (bec) fraud awareness training · 2018. 11. 30. · the...
TRANSCRIPT
-
Cyber Threat 2018
Business Email Compromise (BEC)
Fraud Awareness Training
Gábor Weissmüller
EMEA Senior Investigator
Citi Security & Investigative Services
-
What is Cyber fraud?
• Phishing?
• Spear phishing?
• Whaling?
• Social engineering?
• BEC (Business Email Compromise)?
• Spyware?
• Ransomware?
• SWIFT fraud?
• Spoofed website?
• etc.
-
The Impact on Business
The financial implications help explain why Cyber is now considered one of the
primary operational risks, but a Cyber incident can damage far more than a
company’s bottom line.
[Chart] Average cost of cybercrime to companies (2): $21.2MM, $11.5MM, $10.4MM, $8.7MM
Estimated global cost of cybercrime by 2019 (1): $2 Trillion
1. Forbes; “(Cyber crime) increasing to almost four times the estimated cost of data breaches in 2015”; January 2016.
2. Accenture & Ponemon Institute; “2017 Cost of Cyber Crime Study”; September 2017.
-
Key Trends From 2017
Five key cybercrime trends emerged during 2017:
• Multi-National / Global Incidents
• Phishing 2.0
• The Evolution of Ransomware
• The Exploitation of IoT Devices (Internet of Things)
• Increasing Incidents. Everywhere.
-
Primary Cyber Attackers
The cyber landscape consists of five primary groups of adversaries:
Nation State
• Sophisticated actors
• Supporting national interests
• Targeting trade secrets & sensitive information
Cyber Crime
• Financially motivated
• Frequent use of social engineering
• Most common type of cyber attack
Terrorism
• Politically or ideologically motivated
• Goal is to instill fear
• Attacks often destructive
Hacktivism
• Advancement of a social or political agenda
• Attacks often disruptive
Insider
• Motivations vary, including fraud, revenge, desire for destruction
• Access is often authorized, making detection hard
-
Business E-mail Compromise (BEC)
Organised Criminal Groups (OCGs):
• Are a global industry
• Use Social Engineering tactics, via phone and email
• Target Corporate Entities’ Treasury and Accounts Payable departments
• Study their targets using Internet and Social Media
• Use Spear Phishing to install malware on their targets’ PCs
Trending Attack Methods
• Beneficiary Change
• CEO Impersonation
• Screen sharing
$3.1B lost via Business Email Compromise (BEC) scams
22,143 victims from October 2013 to February 2016
1300% increase in identified exposed losses since January 2015
As of April 14, 2016
Criminals spoof communications from the victim’s existing business contacts to persuade the firm’s employees to transfer funds to accounts controlled by the criminals.
-
The Iceberg – The Anatomy of a BEC attack
Below the waterline: 3–9 months of knowledge building, through tech infiltration and social engineering. Above the waterline: the e-mail & payment.
TECH INFILTRATION
OSINT
• Social media searches focused on key employees (LinkedIn, Facebook, Twitter etc.)
• Research on company structure, payment processing & platforms
SPEAR PHISHING
• Targeted phishing e-mails aimed at key personnel & used to deploy malware/spyware
SOCIAL ENGINEERING
FILLING IN THE GAPS
• Phone contact made with employees of the victim organization to further enhance knowledge of company structure, processes and personnel, e.g. names of authorizers
LEARNING THE LINGO
• Nuances of language used between employees noted
E-MAIL & PAYMENT
“They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting”
“To make matters worse, the criminals often employ malware to infiltrate company networks, gaining access to legitimate e-mail threads about billing and invoices”
The FBI – BEC: An Emerging Global Threat, Aug 2015
-
Social Engineering
Intelligence Gathering
• Social Networks
• Information available in the public domain
Pretexting
• Using intelligence gathered to create a believable scenario
Execution
• Execute Attack
Social engineers exploit our natural instinct to…
Trust – We tend to trust unless given a reason not to.
Assist – Social engineers target customer service & helpdesk representatives who are trained to help.
Obey – We have a natural tendency to obey authority figures (follow instructions).
Social Engineering is the ‘Art of manipulating people into performing actions or divulging confidential information that may not be in the target’s best interest’
-
Spoofed e-mails
In 2015 an unnamed US company was defrauded out of almost $100 million by individuals who created a fake e-mail address in order to pose as one of its legitimate vendors.
Spoofing involves the creation of a fraudulent e-mail address which is designed to look like a genuine email address. For example, if the target company’s domain is “@smith.com”, criminals may register “@smith.co.uk” or “@smith-inc.com”. Spoofing can be used to add an appearance of legitimacy to fraudulent requests.
Example from the slide: the second “i” is substituted with “l”.
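The three spoofing patterns described above (a different suffix on the same name, a hyphenated or extended variant, and a confusable-character substitution such as “i” for “l”) can all be screened for automatically before a payment request is acted on. The following is an added example written for this page, not code from the deck or from Citi; the vendor domain list, the suffix table and the confusable-character set are constructed sample data, and a production checker would use the Public Suffix List and a fuller confusables table.

```python
"""Lookalike-domain check for the sender of a payment-related e-mail.

Added example (not from the training deck). Given the sender's domain and the
domains the firm actually does business with, flag the spoofing patterns the
slide describes:
  * same name, different suffix            smith.com  -> smith.co.uk
  * known name embedded in a longer name   smith.com  -> smith-inc.com
  * confusable character substitution      citi.com   -> citl.com (i -> l)
  * near-identical spelling (typosquat)    smith.com  -> smiht.com
"""
import difflib
import re

# Constructed list of domains the firm legitimately exchanges payment mail with.
KNOWN_DOMAINS = ["smith.com", "citi.com", "acme-logistics.com"]

# Characters commonly swapped for look-alikes (constructed sample set, not exhaustive).
CONFUSABLES = {"rn": "m", "vv": "w", "l": "i", "1": "i", "|": "i", "0": "o", "5": "s"}

# Multi-label suffixes recognised by this sample; production code would use the
# Public Suffix List instead of this constructed table.
MULTI_LABEL_SUFFIXES = ("co.uk", "com.au", "co.jp")


def split_domain(domain: str) -> tuple:
    """Return (registrable name, suffix): 'mail.smith.co.uk' -> ('smith', 'co.uk')."""
    domain = domain.lower().strip().rstrip(".")
    for suffix in MULTI_LABEL_SUFFIXES:
        if domain.endswith("." + suffix):
            return domain[: -len(suffix) - 1].rsplit(".", 1)[-1], suffix
    name, _, suffix = domain.rpartition(".")
    return name.rsplit(".", 1)[-1], suffix


def normalise(name: str) -> str:
    """Fold confusable characters so that 'citl' and 'citi' compare equal."""
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name


def classify_sender(sender_domain: str, known=KNOWN_DOMAINS) -> dict:
    """Classify a sender domain as 'known', 'lookalike' or 'unrelated'.

    'lookalike' means the domain is close enough to a vendor domain that a
    payment instruction from it must be verified by call back on a number
    already on file, never on a number taken from the e-mail itself.
    """
    s_name, s_suffix = split_domain(sender_domain)
    stripped = re.sub(r"[^a-z0-9]", "", s_name)
    # Exact matches first, so a genuine vendor is never reported as a lookalike.
    for k in known:
        if (s_name, s_suffix) == split_domain(k):
            return {"verdict": "known", "matches": k, "reason": "exact match"}
    for k in known:
        k_name, k_suffix = split_domain(k)
        if s_name == k_name and s_suffix != k_suffix:
            return {"verdict": "lookalike", "matches": k,
                    "reason": "same name, different suffix %r" % s_suffix}
        if normalise(s_name) == normalise(k_name):
            return {"verdict": "lookalike", "matches": k,
                    "reason": "confusable character substitution"}
        if stripped != k_name and len(stripped) >= 3 and k_name in stripped:
            return {"verdict": "lookalike", "matches": k,
                    "reason": "known name embedded in longer name"}
        if difflib.SequenceMatcher(None, stripped, k_name).ratio() >= 0.8:
            return {"verdict": "lookalike", "matches": k,
                    "reason": "near-identical spelling"}
    return {"verdict": "unrelated", "matches": None, "reason": "no known vendor resembles this domain"}


if __name__ == "__main__":
    # Constructed sample senders covering each pattern from the slide.
    for d in ["smith.com", "smith.co.uk", "smith-inc.com", "citl.com", "smiht.com", "example.org"]:
        print(d, "->", classify_sender(d))
```

The check is deliberately biased toward false positives: a lookalike verdict only means the request has to go through the call-back control on a number already on file, which is the same step the precautions slide asks for on any new beneficiary.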
-
What we ask of clients in the event of Fraud
ACT
Alert
Follow up
Act Quickly
• Review and urgently confirm fraud - every
minute may count.
Use the ‘F’ Word
• Be prepared to state “FRAUD” and confirm this
in writing/email (not “potential fraud” or similar,
banks will not act on “potential” issues)
-
What we ask of clients in the event of Fraud
Alert Immediately
• Initiate recall actions (this may include SWIFT
recall and/or direct contact)
• The shorter the time between fraudulent
transaction and detection, the greater the
chance of recovery
-
What we ask of clients in the event of Fraud
Provide the Details
• Beneficiary banks and others will need clear
background information before they will act
• Some jurisdictions are more difficult than others so
clients may need to consider further action to secure
their position
• Provide details on what exactly happened (e.g. fake
email domains, compromised email chain)
• Where a beneficiary bank requests an indemnity from
*It is critical there is no delay in providing this letter!
-
The Importance of Immediate Escalation
An example of money flows following the initiation of fraudulent payments…
[Diagram] Funds leave the Client (victim) and are split across Bank A, Bank B, Bank C, Bank D, Bank E, Bank F, Bank G, Bank H, Bank I, Bank J, Bank K and Bank COM before reaching Beneficiaries 1–7. Amounts shown along the flows: KZT 548,250,000; KZT 369,235,000; $2,165,000.00; $2,100,000.00; $615,000.00; $399,800.00; $200,000.00; $135,000.00; $130,000.00; $120,000.00; $100,000.00; $52,740.00 (also shown as $52,240.00); $50,000.00; $50,000.00.
-
Business Email Compromise – Precautions
The sophistication of BEC can make the attacks very hard to spot, but there are a
number of simple steps that Citi staff can take to reduce their chances of falling
victim
1. Understand the risk posed by BEC and educate your colleagues.
2. Ensure all payment processes have maker:checker controls.
3. If you receive an email asking for a payment to be sent to a new beneficiary, perform a call back on a known telephone number to check the request.
4. Look for requests that are out of the ordinary – different senders, new email formats, unusual language or tone, strange times, etc.
5. Be wary of any email that is marked as ‘urgent’, ‘secret’ or ‘confidential’, as well as requests that give an excuse why a call back cannot be performed.
6. Don’t be pressured into making a quick decision. Listen to your instincts and question anything that feels wrong.
-
Questions?