Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of a topic, and the filters can be used to further select the content most relevant to you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
Increase in BEC, Covid-19 is still the lure in E-mail fraud campaigns
COVID-19 still the lure in e-mail threat campaigns
Spam campaigns with COVID-19 related lures were a major occurrence throughout the reporting period. In general, adversaries exploited COVID-19 to trick end users into falling victim to various types of e-mail related attacks. Exploiting the anxiety surrounding the pandemic and the trust that people place in e-mail as a principal means of communication, adversaries used COVID-19 themes to spread their campaigns. These campaigns ranged from attempts to trick users into ordering face masks from phony websites to infecting them with malware via malicious attachments. Three-quarters of the attachments in these e-mails carried infostealers, a type of malware that steals sensitive information such as passwords or other credentials.
Postal services used in phishing campaigns
Several phishing campaigns aiming to steal victims' credit card numbers by sending phishing e-mails related to deliveries from national postal services have been observed during the reporting period. The e-mails try to lead users to phishing websites that capture their credit card information.
QRishing: new version of an old scheme
Social distancing during the pandemic has popularised QR (Quick Response) codes, which are simple to use and just as simple to generate. Identifying a fake QR code is not straightforward, which creates a suitable environment for malicious activity. One observed tactic is embedding fake QR codes into phishing e-mails that purport to come from large European banks. Upon scanning the code, users are directed to websites with realistic-looking landing pages, where the victim may be prompted to log in in order to renew their credit card. Moreover, public QR codes are also a problem, as cybercriminals can paste their own QR codes over genuine ones.
BEC has increased, has grown in sophistication and become more targeted
According to publicly available reports, BEC was the most costly type of cybercrime in 2020, a year in which organisations reported total losses of more than 1.8 billion dollars. During the reporting period, BEC schemes were observed to evolve, especially regarding credential phishing and the conversion of stolen money into cryptocurrency. As EU Member States report, there have been many cases where compromised Office 365 accounts were used for BEC scams. This implies that the actors also conducted credential phishing operations or password spraying attacks (a technique related to brute force, in which a few common passwords are tried against many accounts) against the victims. Moreover, although cybercriminals target all sectors and businesses, BEC actors show an increased focus on small and medium-sized enterprises.
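The account-takeover step behind the Office 365 BEC cases above is detectable in sign-in logs because a password spray has a shape that differs from a brute-force attack: one source touches many distinct accounts with only one or a few failures each, whereas a brute force hammers a single account. The following is an added example, not code from the report or from HSD, that runs both checks over a handful of constructed log lines; the log format (`<iso-time> <src_ip> <user> <result>`), the IP addresses and the thresholds are assumptions for illustration.

```python
"""Detect password-spraying and brute-force patterns in authentication logs.

Added example (not from the original page). A spray is many distinct accounts,
each tried only a few times, from one source inside a short window; a brute
force is one account hit many times. The log format below is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<iso-time> <src_ip> <user> <result>").
SAMPLE_LOG = """\
2021-03-02T09:00:01 203.0.113.7 alice@example.org FAIL
2021-03-02T09:00:03 203.0.113.7 bob@example.org FAIL
2021-03-02T09:00:05 203.0.113.7 carol@example.org FAIL
2021-03-02T09:00:06 203.0.113.7 dave@example.org FAIL
2021-03-02T09:00:08 203.0.113.7 erin@example.org FAIL
2021-03-02T09:00:09 203.0.113.7 frank@example.org SUCCESS
2021-03-02T09:10:00 198.51.100.9 alice@example.org FAIL
2021-03-02T09:10:02 198.51.100.9 alice@example.org FAIL
2021-03-02T09:10:04 198.51.100.9 alice@example.org FAIL
2021-03-02T09:10:06 198.51.100.9 alice@example.org FAIL
2021-03-02T09:10:08 198.51.100.9 alice@example.org FAIL
2021-03-02T09:10:10 198.51.100.9 alice@example.org FAIL
2021-03-02T09:30:00 192.0.2.4 bob@example.org FAIL
2021-03-02T09:30:30 192.0.2.4 bob@example.org SUCCESS
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, src_ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Return {src_ip: (distinct_users_failed, accounts_that_later_succeeded)}.

    A source is flagged when its failed logins inside `window` hit at least
    `min_users` distinct accounts and no single account was tried more than
    `max_per_user` times (the spray signature). Accounts that then succeed from
    the same source are the ones to treat as compromised.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):        # sliding window over failures
            users = defaultdict(int)
            for ts, u in fails[i:]:
                if ts - start > window:
                    break
                users[u] += 1
            if len(users) >= min_users and max(users.values()) <= max_per_user:
                compromised = sorted({u for ts, u, r in evs if r == "SUCCESS" and ts >= start})
                findings[ip] = (len(users), compromised)
                break
    return findings


def detect_brute_force(events, threshold=5):
    """Complementary check: one account, many failures from one source."""
    counts = defaultdict(int)
    for _, ip, user, result in events:
        if result == "FAIL":
            counts[(ip, user)] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("spray:", detect_spray(evs))          # 203.0.113.7 hit 5 accounts, frank then logged in
    print("brute force:", detect_brute_force(evs))  # 198.51.100.9 hammered alice 6 times
```

Tune `window`, `min_users` and `max_per_user` to the tenant's own baseline; a spray that is slowed to one attempt per account per hour will slip under a ten-minute window, so a second pass with a window of hours and a higher `min_users` is worth running alongside.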
Recommendations
The following mitigations were discussed regarding e-mail related attacks and incidents during the reporting period.
- Provide regular user training on how to identify suspicious links and attachments and how to report them.
- Implement spam filters at the e-mail gateways and keep signatures and rules updated. Whenever possible, use a secure e-mail gateway with automated maintenance of its filters (anti-spam, anti-malware, policy-based filtering).
- Put security controls in place on the e-mail gateway to reduce the frequency or possibility of lures arriving in your employees' inboxes.
- Implement a need-to-know access policy to limit the impact of any compromise.
- Consult the MITRE ATT&CK® framework for the tactics and techniques adversaries use in e-mail related threats.
- Ensure e-mails originating from outside the organisation are automatically marked as external before they reach the recipient.
- Implement multifactor authentication (MFA) on accounts.
- Check the lifespan and ownership of a suspected malicious domain. If it has been active for less than a year, it could be a scam.
- Whenever possible, apply security solutions that use machine-learning techniques to identify phishing sites in real time.
- Disable automatic execution of code and macros, rendering of remote graphics and preloading of mailed links in mail clients, and update the clients frequently.
- Implement one of the standards for reducing spam e-mails (such as SPF, DKIM and DMARC).
- Whenever possible, for critical financial transactions or when exchanging sensitive information, implement secure e-mail communications by using digital signatures or encryption.
- Whenever possible, implement fraud and anomaly detection at the network level for both inbound and outbound e-mails.
- Do not click on random links or download attachments if you are not absolutely confident about the source of an e-mail.
- Check the domain name of the websites you visit for typos, especially for sensitive websites (e.g. bank websites). Threat actors usually register fake domains that are similar to legitimate ones and use them to ‘phish’ their targets. Looking only for an HTTPS connection is not enough.
- Use a strong and unique password for every online service. Re-using the same password for various services is a serious security issue and should always be avoided. Using strong and unique credentials for every online service limits the risk of a potential account takeover to only the affected service. Using a password manager makes managing the whole set of passwords easier.
- Check how contact, registration, subscription and feedback forms work on your website and add verification rules if necessary, so that they cannot be exploited by attackers.
- Implement content filtering to locate unwanted attachments, e-mails with malicious content, spam and unwanted network traffic.
- Avoid responding to new links received in e-mails or SMS messages from unknown senders and, above all, do not enter your credentials when following such links.
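The advice above to check domain names for typos can be automated at the gateway or in a triage script. The following is an added example, not code from the report or from HSD, that extracts the links from a message body and classifies each registrable domain against a small list of protected brand domains: exact match, wrong top-level domain, homoglyph substitution (`examp1ebank`), a one-character typo, the brand embedded in a longer label, or the brand used as a subdomain of an unrelated domain (`examplebank.com.secure-login.net`). The scheme is deliberately ignored, because an HTTPS padlock says nothing about who owns the domain. The brand domains, the homoglyph table and the sample message are constructed assumptions; the registrable-domain helper takes the last two labels and a real deployment should use the Public Suffix List instead.

```python
"""Flag look-alike domains in links found in a suspicious e-mail.

Added example (not from the original page). PROTECTED, HOMOGLYPHS and the
sample message are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Assumed list of domains the organisation wants to protect against impersonation.
PROTECTED = ("examplebank.com", "postal-service.example")

# Illustrative, non-exhaustive substitutions seen in typo-squatted labels.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w", "cl": "d"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Naive eTLD+1 (last two labels). Production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalize(label):
    """Undo common homoglyph substitutions so 'examp1ebank' compares equal to 'examplebank'."""
    for bad, good in HOMOGLYPHS.items():
        label = label.replace(bad, good)
    return label


def levenshtein(a, b):
    """Edit distance; a distance of 1 catches single-character typos and omissions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, protected=PROTECTED):
    """Return (verdict, reason); verdict is 'legit', 'lookalike' or 'unknown'.

    The URL scheme is ignored on purpose: HTTPS on a look-alike domain is still a look-alike.
    """
    host = (urlparse(url).hostname or "").lower()
    reg = registrable_domain(host)
    if reg in protected:
        return "legit", f"{reg} is a protected domain"
    cand = reg.split(".")[0]            # the label an attacker would typo-squat
    sub_labels = host.split(".")[:-2]   # everything left of the registrable domain
    for good in protected:
        brand = good.split(".")[0]
        if brand in sub_labels:
            return "lookalike", f"{brand} used as a subdomain of {reg}"
        if cand == brand:
            return "lookalike", f"{good} with a different TLD ({reg})"
        if normalize(cand) == brand:
            return "lookalike", f"homoglyph substitution for {good}"
        if levenshtein(cand, brand) <= 1:
            return "lookalike", f"one edit away from {good}"
        if brand in cand:
            return "lookalike", f"{brand} embedded in {reg}"
    return "unknown", f"{reg} does not resemble a protected domain"


def scan_message(body, protected=PROTECTED):
    """Classify every http(s) link in a message body; returns [(url, verdict, reason)]."""
    return [(u, *classify(u, protected)) for u in URL_RE.findall(body)]


# Constructed phishing-style message for the example.
SAMPLE_MESSAGE = """\
Dear customer, your card expires soon. Renew it at https://examp1ebank.com/renew
or via our secure portal https://examplebank.com.secure-login.net/portal .
Track your parcel: http://p0stal-service.example/track
Official site: https://www.examplebank.com/
"""

if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE_MESSAGE):
        print(f"{verdict:9} {url}  ({reason})")
```

The output flags the first three links as look-alikes and the last as legitimate. Pair this with the domain-age check from the list above: a look-alike domain registered weeks ago is a far stronger signal than either test alone.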