Incident Response Playbook: Ransomware
Considered one of the most detrimental threats to businesses, government entities, and individuals, ransomware attacks have escalated significantly...
Flying under the radar for years, BEC attacks have been slowly climbing the ranks as one of the most popular tactics amongst cybercriminals to exploit vulnerabilities and orchestrate scams.
In a recent report by the Federal Bureau of Investigation revealed staggering statistics: "In 2023, the IC3 received 21,489 BEC complaints with adjusted losses exceeding 2.9 billion dollars" - IC3
As BEC incidents continue to surge, the importance of a well-crafted and thoroughly rehearsed BEC incident response playbook cannot be overstated.
A Business Email Compromise (BEC) is a type of cyberattack where attackers use social engineering and email spoofing techniques to deceive individuals within a company, typically targeting employees who have access to finances or sensitive information.
"According to the IBM Cost of a Data Breach 2023 report, business email compromise and phishing attacks were among the costliest breaches, averaging around $4.7 million dollars per incident." - IBM
In a BEC attack, the goal is to fool employees into sending money or sensitive info to the attacker by pretending to be someone they trust at work. These attacks come in all shapes and sizes, from stealing data to faking invoices, impersonating CEOs, posing as lawyers, hacking accounts, and more.
When it comes to spotting these sneaky attacks, keep an eye out for a couple of things. Firstly, double-check the sender's email address for any typos or weird characters. And remember, never click on suspicious links or attachments, even if the emails look like they're from legit vendors or higher-ups – better safe than sorry.
Sometimes, hackers hijack the accounts of people you trust, so always double-check any unexpected messages or requests to make sure they're legitimate. Also, be wary of urgent requests or strange payment inquiries – if anything seems fishy, we suggest contacting the individual using an alternative trusted channel, such as a phone call, message, or the best option, face-to-face.
A recent court decision in Virginia may have provided a roadmap for some BEC victims to seek compensation from the financial institutions that facilitate the fraudulent transfers of money - Discerning Data
A United States District Court Judge found that 1st Advantage, involved in processing a BEC payment, didn't handle things responsibly. Because of their slip-up, the victim of the BEC scam was awarded $558,868.71 in damages
Known for being one of the biggest and well know BEC scams of all time, the incident resulted in around $121 million in collective losses- NS Business
Rimasauskas, the con man, established a fake company, Quanta Computer, resembling a legitimate vendor used by Google and Facebook. He then presented convincing invoices to both companies, which they promptly paid out.
The hacker gang TA4903, known for BEC attacks, is impersonating U.S. government agencies to trick targets into opening malicious files with fake bidding links - bleepingcomputer
When recipients scan the QR codes, they are directed to phishing sites that are made to appear like the official portals of the impersonated U.S. government agencies. Proofpoint states that TA4903 frequently registers domain names resembling those of government entities and private organizations across different sectors.
In line with NIST's structured incident response approach as detailed in Special Publication 800-61, here are some general guidelines and steps we suggest integrating into your incident response plan to prepare for a potential BEC attack
At the end of the day, the best way to stop BEC attacks is through thorough training. By teaching employees about common BEC tactics like phishing and social engineering, they can spot and report suspicious emails faster. This builds a culture of awareness that helps organizations avoid falling victim to BEC scams.
Rivial allows you to easily build, view, store, and maintain scenario-specific playbooks when general incident response procedures fall short.
Our incident response module consists of four sections, including a module dashboard where you can find a concise overview of relevant incident response systems, prioritized response action items, exercises, teams, incidents, and detections to ensure your organization is always prepared and every stakeholder knows their role with accessible, tested, and ready-to-go procedures and playbooks. Schedule a time to learn more about our platform today!
Considered one of the most detrimental threats to businesses, government entities, and individuals, ransomware attacks have escalated significantly...
Whether you're a small startup or a major financial institution, having a well-crafted incident response (IR) plan is crucial for effectively...
National Credit Union Administration's (NCUA) recent policy on reporting Cyber Incidents went into effect September 1, 2023, and now requires all...