How Abnormal Security combats business email compromise

Abnormal Security analyzes work relationships, language patterns to spot compromised accounts and stop them from sending mail.


When looking at all the different ways that hackers can threaten networks and enterprises, flashy incidents like ransomware scams often come to mind. But a relatively new kind of attack called business email compromise (BEC) has taken the lead in both frequency and overall damage, quickly becoming public enemy number one.

According to the FBI's recently released 2019 Internet Crime Report, the most destructive cybercrime for 2019 involved the dual threats of business email compromise and email account compromise, which were grouped into a single category. When a private individual falls victim, the FBI calls it email account compromise. When a business suffers the same fate, it’s called business email compromise.

An email compromise attack is successful when hackers take over an email address either by cracking the account password or using social engineering tactics to trick a user into giving them their password. Once compromised, the email is generally used to initiate fake wire transfers from businesses or to steal bank information from private individuals. And it’s a huge problem, resulting in almost $2 billion in losses last year. The numbers are probably higher, because many of the crimes are almost certainly not being reported. By comparison, ransomware scams only netted about $9 million, according to the FBI report.

Defending an enterprise against a hacker using a compromised email is extremely difficult. Unlike a phishing attack where an attacker spoofs an internal address from the outside or sets up a website that looks like the real thing, in a business email compromise attack, the attacker has basically stolen the identity of the person or entity who has been compromised. So it’s not a matter of someone pretending to be writing from the CEO’s account and asking for a wire transfer. It’s the CEO’s actual company email making the request.

From a cybersecurity standpoint, that’s not easy to stop. None of the internal security provided by popular cloud email programs like Google’s G Suite or Microsoft’s Office 365 is designed to protect against compromised accounts sending out bad information. Even if companies add something like a mail gateway, it’s really not going to be designed to stop BEC attacks once they get a foothold. And because they generally don’t involve malware or traditional data exfiltration, once established, compromised email accounts can be an ongoing gold mine for attackers.

The Abnormal Security platform was designed to defend against the growing scourge of BEC attacks. The platform is actually able to defend against most email-based intrusions, but its claim to fame is its ability to spot compromised accounts and stop them from sending mail, even after an attacker has taken over a valid user’s email identity.
