BEC Scams Cause Enterprises Loss Of $3 Bn In 2016: Trend Micro

by CXOtoday News Desk    Sep 07, 2016

The fiscal year 2016 has proven to be a year of online extortion through various malicious attacks. Ransomware has targeted over 180 enterprises so far in 2016, security solutions company Trend Micro said. The company, in its latest report, revealed that ransomware globally caused companies a loss of a whopping $3 billion.

Ransomware is also called Business Email Compromise (BEC). BEC schemes are scam tactics that compromise business accounts in order to facilitate an unauthorized fund transfer, and they are considered one of the most dangerous threats to organizations.

In total, 79 new ransomware families were identified in the first six months of the year, which surpasses the total number of new families found in all of 2015. Both new and old variants caused a total of $209 million in monetary losses to enterprises globally. However, no India-specific statistics have been provided in the report. Ransomware attacks found in the first half of 2016, like BEC scams, originated from emails 58 percent of the time.

“While it’s unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution,” said Ed Cabrera, Chief Cybersecurity Officer for Trend Micro, in a statement.

“It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles,” he added.

The effectiveness of BEC scams lies in the techniques employed against their preferred targets. Attackers are able to deceive victims by combining their knowledge of social engineering techniques with well-researched information about the target.

Once attackers have picked someone of authority to spoof, their next move is to trick their victims into permitting a fund transfer that serves as payment for an invoice or perhaps a legal settlement.

“An effective way to defend against BEC scams should be a mixture of proper employee education and security solutions that will help identify threats even before they reach a person’s inbox,” the report said.

An email solution that is able to flag social engineering techniques is needed to effectively block malicious email messages that are used in BEC campaigns, it added.