Page 59 - Cyber Defense eMagazine - November 2017

BUSINESS EMAIL COMPROMISE (BEC) IN FULL FORCE & EFFECT



               ANOTHER UNIVERSITY’S EPIC FAIL



               by DRP; Cybersecurity Lab Engineer


Few attacks in the last five years have been more successful, overall and on average, than the
phishing campaigns that have run rampant through global email systems. Users seem to want to
click, click, click, and click again on the links and images. In newer variants the user is instead
told to type a URL into the web browser, as an additional attack vector. The URL may be stated
directly in the email, or inside a partially obscured PDF, as the place to go to retrieve the
document supposedly intended for the user.

The corporate environment can introduce training on what to be wary of in these emails, forward
alerts about current scams with or without examples, and put up posters in the offices and the
cafeteria stating the obvious things to look for. Unfortunately, there will still be a subset of
users who click, or click multiple times, on a phishing email.


After clicking, the user may feel embarrassed, or fear being ostracized, and not immediately tell
the InfoSec team, which only further exacerbates the situation. The general format for these
attacks has been general phishing or spear phishing emails. There are subtle varieties of these,
modifying the target or the delivery, but the intent and the initial delivery method are
mundane.

Within the overall phishing campaigns, one form has been exceptionally profitable for the phishers
in the last three years. The emails do have to be customized, but it takes only one hapless
finance or accounting staff member acting on them to ruin the week or the quarter. The amounts
fraudulently obtained have ranged from tens of thousands of dollars to several million.

Here comes MacEwan University. On August 23rd of this year, the University detected the issue.
The phishers had sent a series of emails that convinced staff to change the bank routing number
they had been using for one of the University's primary vendors. Through that series of emails
the phishers had effectively taken on the identity of that vendor.
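The payment-diversion pattern in that paragraph, a sender posing as a known vendor and asking finance to change where money is sent, is something inbound mail screening can at least flag before a human acts on it. What follows is an added example written for this article, not tooling MacEwan or the magazine used; the vendor list, the domains, the two messages and the edit-distance threshold are all constructed assumptions for illustration:

```python
"""Constructed example: screen inbound mail for the vendor-impersonation pattern
behind payment-diversion BEC. Nothing here is MacEwan's tooling; vendor list,
domains, messages and thresholds are made up for illustration."""
import email
import re
from email import policy
from email.utils import parseaddr

# Hypothetical vendor master: domains finance has verified, keyed to the display
# names staff would recognise. In practice this would come from the ERP/AP system.
KNOWN_VENDORS = {
    "acme-construction.example": "Acme Construction",
    "northpeak-supply.example": "NorthPeak Supply",
}

# Phrases that mark a request to alter where a payment is sent.
BANK_CHANGE_RE = re.compile(
    r"\b(new|updated?|changed?)\b.{0,40}\b(bank|banking|routing|account|wire|remittance)\b"
    r"|\b(bank|banking|routing|account|wire|remittance)\b.{0,40}\b(has|have)\s+changed\b",
    re.IGNORECASE | re.DOTALL,
)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch lookalike domains (one swapped letter)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw: str) -> dict:
    """Return the BEC indicators found in one RFC 822 message and a hold decision."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []

    # 1. Display name of a known vendor but mail did not come from that vendor's domain.
    named = next((d for d, n in KNOWN_VENDORS.items() if n.lower() in from_name.lower()), None)
    if named and from_dom != named:
        flags.append("display-name-impersonation")
    # 2. Sender domain is within two edits of a verified vendor domain (assumed threshold).
    if from_dom not in KNOWN_VENDORS:
        for d in KNOWN_VENDORS:
            if 0 < edit_distance(from_dom, d) <= 2:
                flags.append(f"lookalike-domain:{d}")
                break
    # 3. Replies are steered to a different domain than the one the mail claims to be from.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    # 4. The message asks for bank/routing/remittance details to be changed.
    if BANK_CHANGE_RE.search(text):
        flags.append("bank-change-request")

    # A money-movement request plus any identity flag is the BEC pattern: hold the mail
    # and confirm by phone on a number already on file, never one taken from the email.
    hold = "bank-change-request" in flags and len(flags) > 1
    return {"from": from_addr, "flags": flags, "hold_for_callback": hold}


# Constructed sample messages (no real vendors, people or invoices).
SUSPECT = """\
From: Acme Construction Accounts <ap@acme-constructlon.example>
Reply-To: ap-desk@mail-acme.example
To: payables@university.example
Subject: Updated remittance instructions for invoice 4471
Content-Type: text/plain

Hello, our bank routing number has changed effective this week.
Please update the bank routing number on file before releasing payment.
"""

BENIGN = """\
From: Acme Construction Accounts <ap@acme-construction.example>
To: payables@university.example
Subject: Invoice 4471 attached
Content-Type: text/plain

Hello, please find invoice 4471 attached. Terms are net 30 as usual.
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, assess(raw))
```

The lookalike check here is deliberately narrow (edit distance, not homoglyphs or subdomain tricks), and none of the four indicators is proof on its own; the point is that the combination of a bank-change request with any identity anomaly should route the message to a callback procedure rather than to the person who can change a vendor's routing number.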

The end result was detrimental: CAD $11.8 million of the University's funds were transferred to a
Canadian bank and subsequently on to Hong Kong. This is neither the smallest nor the largest sum
fraudulently obtained via this form of attack, but it is rather significant.






                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.