A lot can happen between your morning coffee and your lunch.
That’s all it takes to go from ‘normal’ to ‘disaster’ when the hackers strike.
Microsoft researchers recently worked backwards through a ‘BEC’ attack (business email compromise – IT people love to convert everything into three-letter acronyms).
They found the hackers had set up fake ‘typo-squatting’ email domains and hijacked an email thread within a couple of hours. That’s the time from when they started setting up until when they struck.
The business would have had very little warning that they were under attack before the hackers were already harvesting confidential information.
The hacker’s goal is to gain access to an email account, then pretend to be a senior executive, so they can trick your payables team into making a fraudulent payment to the hacker.
They will use any means they can.
Typo-squatting allows them to set up a fake email account with a minor misspelling so it looks legitimate.
Another trick is ‘man-in-the-middle’, in which they set up a fake login screen and pass through the MFA details. We’ve outlined some of the ways that MFA can be overcome, such as ‘fatigue’ or similar fake sites (but MFA is still incredibly important).
By impersonating a senior exec on an email address that looks legit, and getting involved in conversation, the perpetrator can uncover other names, learn about the organisation and even learn to mimic the language styles used.
So, the news is that hackers can move faster than ever.
You might be headed into a meeting with everything being normal, only to find that while you were busy doing business, the hackers were setting up an attack on your business and using machine-learning AI tools to go faster and do more damage than you could imagine. The evidence shows this isn’t a theory, it’s the reality.
It can happen at any time. The internet and the cloud mean your systems and data are exposed around the clock.
That’s why we’ve just completely reviewed and refreshed our KARE support service. Our new plans are available now and we are no longer offering our older ones because, frankly, they don’t offer the necessary protection for the cyber-threat landscape as we see it in 2023.
In this case, our EDR and 365 monitoring along with MFA management are key to keeping you and your colleagues safe.
Refer: Microsoft: Business email compromise attacks can take just hours (bleepingcomputer.com)