Wednesday, September 30, 2020

The Week in Breach: Featured Threat

Business Email Compromise is a Messy, Expensive, Preventable Disaster

Securing highly privleged executive and administrator accounts has to be a high priority for every business

Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost it lost $6.9 million in a nasty incident. 

The scam took off when a hacker accessed the email account of one of its executives, reading and analyzing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sensing out their own fraudulent emails. 

The cybercriminals involved then moved into phase 3 of the scam. After monkeying with the inbox rules to hide certain messages from being seen by the account owner they sprung the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China. 

The accounting department didn’t see any red flags, and the two transfers, totaling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.

This whole nightmare stemmed from a single compromised executive email account. While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned to their peril.

It’s essential that every account for every user is under the umbrella of a strong secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise. 

No matter how it’s obtained, whether it’s through spear phishing or it’s a lucky break from a credential stuffing attack, that compromised executive password can be neutralized when a second credential is needed to login to the endangered account. Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected. 

Secure identity and access management was cited as the top priority of CISOs in a recent study on 2021 cybersecurity planning, and one reason it tops the list is that it goes a long way toward preventing disasters like this. Add Passly to your security offerings now to be ahead of the curve when it comes to securing your clients against business email compromise.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

No comments:

Post a Comment