

    The Email Security Paradigm Shift: From Prevention to Deception

    The concept of Cyber Security has undergone a significant transformation. In the past, we placed our trust in Firewalls, URL filters, or Endpoint Detection and Response (EDR) solutions, but today, these measures are entirely insufficient. If we once believed that we had done everything to prevent an attacker from entering our network, the current assumption is that the attacker is already inside the network, and damage is only a matter of time.

    Most attacks begin through the organization’s main communication channel – the email channel – using attacks like Business Email Compromise (BEC), Email Account Compromise (EAC), Phishing, and more, to steal the end user’s username and password. Such an attack can lead to a breach of the organization’s resources and, effectively, to Lateral Movement, i.e., moving within the organizational network. This movement is typically facilitated through Service Accounts, Shadow Admin Accounts, Cached Credentials, RDP sessions, and more, with the ultimate goal being to reach and steal information from highly sought-after servers such as the Active Directory or the organizational file server, either by exfiltrating the data to external sources or by encrypting it.

    Today, most organizations utilize Email Security solutions (spam filters) and Data Loss Prevention (DLP) solutions aimed at preventing these attacks and thwarting the exfiltration of data. However, as mentioned at the beginning, the current assumption is that the attacker is already in your environment, and the task now is to find them. Proofpoint addresses this issue with its ITDR solution.

    The first step involves removing the Shadow Admin Accounts, Cached Credentials, and RDP sessions that allow an attacker to move within the network, thereby reducing the attack surface. The next step is to plant deceptions at various points across the network, workstations, and servers:

    • Fake files and file shares
    • Database connections
    • FTP/RDP/SSH connections
    • Browser histories and URLs
    • Windows credentials
    • Network sessions
    • Emails
    • Scripts

    These deceptions are visible only to the attacker and not to the end-user, so any interaction with them is a true event rather than a false positive!
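
    To illustrate why a touch on a deception needs no scoring or baseline, here is an added example (not Proofpoint's code or product logic) that scans Windows Security events exported as JSON lines for any reference to a planted decoy. The decoy names and the sample events are constructed for illustration; the event IDs and field names are the standard Windows ones.

```python
import json

# Hypothetical decoy inventory: planted as deceptions, used by no real user or service.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_sqlreport"}
DECOY_SHARES = {"finance_archive$"}
DECOY_FILES = {"passwords_2019.xlsx"}

# Constructed sample events, shaped like Windows Security log records (one JSON object per line).
SAMPLE_LOG = r"""
{"EventID": 4624, "TargetUserName": "j.cohen", "IpAddress": "10.0.4.21"}
{"EventID": 4625, "TargetUserName": "CORP\\SVC_Backup_Old", "IpAddress": "10.0.4.77"}
{"EventID": 5145, "SubjectUserName": "m.levi", "IpAddress": "10.0.4.77", "ShareName": "\\\\*\\Finance_Archive$", "RelativeTargetName": "q3\\budget.docx"}
{"EventID": 5145, "SubjectUserName": "j.cohen", "IpAddress": "10.0.4.21", "ShareName": "\\\\*\\Public", "RelativeTargetName": "menu.pdf"}
{"EventID": 4663, "SubjectUserName": "m.levi", "ObjectName": "C:\\Users\\m.levi\\Documents\\Passwords_2019.xlsx"}
{"EventID": 4768, "TargetUserName": "adm_sqlreport@corp.example", "IpAddress": "10.0.4.77"}
"""

def bare_account(name):
    """Drop a DOMAIN\\ prefix or @upn suffix and lowercase, so every spelling of a decoy matches."""
    return name.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def last_component(path):
    """Final element of a share or file path, lowercased."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()

def decoy_hits(lines):
    """Return (event_id, decoy_type, decoy_name, source) for every event that touches a decoy.

    There is deliberately no event-ID filter: a failed logon (4625) against a decoy
    account is as meaningful as a successful one, because nobody legitimate uses it.
    """
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        source = ev.get("IpAddress") or ev.get("SubjectUserName") or "unknown"
        for field in ("TargetUserName", "SubjectUserName"):
            if bare_account(ev.get(field, "")) in DECOY_ACCOUNTS:
                hits.append((ev["EventID"], "account", bare_account(ev[field]), source))
        if last_component(ev.get("ShareName", "")) in DECOY_SHARES:
            hits.append((ev["EventID"], "share", last_component(ev["ShareName"]), source))
        for field in ("RelativeTargetName", "ObjectName"):
            if last_component(ev.get(field, "")) in DECOY_FILES:
                hits.append((ev["EventID"], "file", last_component(ev[field]), source))
    return hits

if __name__ == "__main__":
    for hit in decoy_hits(SAMPLE_LOG.splitlines()):
        print(hit)
```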

    Interested in learning more? We would be delighted to hear from you and arrange a meeting on the subject.

    What’s BEC? 

    Business Email Compromise (BEC) is a sophisticated scam targeting businesses by exploiting email communications to facilitate fraudulent activities, primarily financial fraud. This cyber threat involves attackers impersonating executives, employees, or business partners in carefully crafted email messages. The goal is often to trick the recipient into making unauthorized wire transfers or divulging sensitive information. BEC scams are known for their lack of malicious attachments or links, making them particularly challenging to detect with traditional email security measures. Instead, they rely on social engineering tactics, leveraging detailed research and manipulation to appear as legitimate requests. As a result, BEC poses a significant risk to organizations, leading to substantial financial losses and compromising the integrity of business operations.

    What’s EAC?

    Email Account Compromise (EAC) is a form of cyber attack where attackers gain unauthorized access to an individual’s email account to carry out malicious activities. This cyber threat is closely related to Business Email Compromise (BEC), but specifically involves the breach of personal or corporate email accounts. Attackers typically use phishing techniques, exploiting weak or stolen credentials to infiltrate the account. Once access is gained, they can monitor email communications to launch targeted attacks, initiate fraudulent transactions, or further propagate the compromise through the victim’s contact list. EAC poses a severe threat as it allows attackers to impersonate the account owner, conduct financial fraud, and extract sensitive information, thereby undermining personal security and corporate integrity.

    What’s Phishing?

    Phishing is a cyber attack method that employs deceptive emails, messages, or websites to trick individuals into disclosing personal information, such as passwords, credit card numbers, or social security numbers. These fraudulent communications are designed to mimic legitimate sources, often appearing to come from well-known organizations or contacts, in order to gain the trust of the victim. Phishing attacks may prompt users to enter sensitive information on a fake website, or encourage them to download attachments that install malware on their device. The ultimate goal of phishing is to exploit the stolen information for financial gain, identity theft, or to gain unauthorized access to secure systems. Due to its reliance on social engineering techniques, phishing remains one of the most prevalent and effective cyber threats today, emphasizing the need for individuals and organizations to remain vigilant and informed about cyber security practices.
