Office 365 and G Suite fall prey to BEC

Microsoft Office 365 and Google G Suite Become Hot Targets for BEC

( 3 min read )

FBI Reports Suggest BEC should be treated as seriously as Ransomware

For businesses, the resource that needs to be protected with utmost care is capital. To that end, businesses that are aware of security concerns are often worried about protecting themselves against ransomware attacks, as these directly burn a hole in the company purse. We already discussed how costly a ransomware can prove to be, when we studied the case of the Texas School District and how they lost a staggering 2.3 Million USD to ransomware. Unfortunately, when it comes to cybersecurity, you really start to wish you had eight eyes like a spider, with the ability to keep a lookout on all fronts. The fact is, you cannot focus on one aspect of security and forget to pay attention to the rest. The case of the ongoing scams against Office 365 and G Suite in the form of BEC attacks is going to demonstrate exactly that.

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has discovered ongoing scams that are targeting widely used tools provided by giants like Microsoft and Google. If you are a business owner, you likely have these two tools ready in your arsenal: Office 365 and G Suite. These hosted email tools are making business communication and storage easier and tenfold efficient. However, the IC3 warns that these two companies are at a high risk of Business Email Compromise attacks.

Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.

-Statistics from the FBI

What is BEC?

Business Email Compromise is a targeted attack that typically affects small to medium sized businesses that perform a lot of wire money transfers or correspondence with people spread over large geographical areas. BEC attacks typically start through phishing emails or keylogger infection. The first phase of this attack consists of patient data collection. Criminals monitor email threads and get into the groove of the email correspondence practices themselves. Then, in the next phase, they start inserting themselves into the email threads. They pose as authoritative persons or decision makers. In conjunction with lookalike domains, a lot of care goes into ‘social engineering’ to make these demands seem authentic and real.

Some of the sample email messages have subjects containing words such as request, payment, transfer, and urgent, among others. The end goal here is to trick employees into taking decisions or release funds to fraudulent bank accounts.

The Office 365 and G Suite Scams

These tools are provided for storage and support for the voluminous email correspondence that comes naturally as a by-product of running a business.

These tools operate on their own set of protocols and standards. Some of them, like SMTP or IMAP, are on the verge of becoming archaic, but are still in use because the simple truth is, they work, and no one wants to disturb them. Cybercriminals are aware of this and have been exploiting this chink in the armour to launch BEC attacks.

One of the preventive measures suggested by IC3 is MFA, or multi-factor authentication. MFA can be viewed both from the perspective of organisations and the admins of hosted emails. There are security settings from both ends that can be enabled to provide some level of preliminary security.

  • For organisations:
  1. Enable multi-factor authentication for all email accounts
  2. Verify all payment changes via a known telephone number or in-person

 

  • For Hosted Email Admins:
  1. Prohibit automatic forwarding of email to external addresses
  2. Add an email banner to messages coming from outside your organization
  • Ensure mailbox logon and settings changes are logged and retained for at least 90 days
  1. Enable alerts for suspicious activity such as foreign logins
  2. Enable security features that block malicious email such as anti-phishing and anti-spoofing policies
  3. Configure Sender Policy Framework (SPF), Domain Key Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) to prevent spoofing and to validate email

 

Logix Infosecurity: Your trusted vendor

Being in the Messaging Business for over 18 years, Logix is honoured to be associated with Microsoft as Microsoft® Gold Partner and Cloud Solution Provider (CSP). The CSP program allows us to sell Microsoft cloud services along with our own offerings and services, letting Logix own the complete customer lifecycle through direct billing, provisioning, management, and support of Office 365 & Azure Cloud.

Our Cloud Zimbra – G-Suite Hybrid setup gets you the best of both worlds by letting you choose Cloud Zimbra for general users and G-Suite for Power Users, sharing the same domain, thus lowering the TCO up to 36%.

Make a wise decision about your vendor today and enjoy security assurance in the long run.

Leave a Reply

Your email address will not be published. Required fields are marked *