Using AI to protect against BEC attacks

With no payload to detect, how best can organizations protect themselves from Business Email Compromise and other social engineering attacks?

by John Stevenson

Sometimes the simplest frauds are the most successful. Some years ago, local authorities in the UK were targeted by a series of just such frauds. The modus operandi of the criminals was to masquerade as legitimate suppliers of building maintenance services and contact local authority finance departments, requesting their regular payments be made to new bank accounts. The tools of the trade? Letterheads and faxes.

Roll the clock forward. Now, cybercriminals are using similarly simple techniques to conduct social engineering attacks against organizations with equally successful results, as the latest report from Osterman, “Phishing, BEC and Ransomware Threats for Microsoft 365 Users”, clearly shows.

Social engineering 

From Business Email Compromise (BEC) and Email Account Compromise (EAC) to Account Takeover (ATO) attacks, experts calculate as much as 91% of all cyberattacks start with a social engineering email (Deloitte 2020).

Despite best efforts, these attacks keep on getting past traditional email security defenses and into users’ inboxes. Managing the problem is time-consuming, costly and a waste of valuable technical expertise. So how do you stop these attacks?

Protect the Inbox

For over 25 years the cybersecurity industry has focused on trying to protect email users by defending the network perimeter with a Secure Email Gateway (SEG), but evasive social engineering attacks have always found their way past these defenses.

For more information on the shortcomings of perimeter email security, read our threat intelligence report, “Beyond the Email Perimeter”.

Microsoft Office 365 email is now used by the majority of organizations, and though the security it offers is excellent, social engineering attacks continue to evade the native security controls and arrive in the inbox.

To prevent these attacks from being successful, organizations need to employ an Integrated Cloud Email Security (ICES) solution that works in the inbox itself, automatically detecting and remediating attacks.

Stop BEC, EAC, ATO, and attacks with no payload

Often, social engineering attacks have a payload – for example a phishing URL or a malware-infected attachment such as one containing ransomware. The latter tend to make the headlines when they succeed, but these attacks can be automatically detected and remediated in the inbox by the ICES if it is powered by real-time analysis and the very latest threat intelligence. But what if the attack has been carefully crafted so it doesn’t contain a payload?

Business Email Compromise (BEC), Email Account Compromise (EAC) and other social engineering email attacks don’t have an obvious payload. Instead, they rely on techniques of trickery and impersonation to succeed.

To combat them, look for an ICES that employs the very latest Artificial Intelligence (AI) techniques like Machine Learning (ML) and Natural Language Processing (NLP) to detect and neutralize the attacks. An ICES which uses these techniques to analyze each message as it arrives in the inbox will stop this type of social engineering attack.

Cyren uses AI to stop evasive attacks

Cyren Inbox Security is an ICES that protects organizations from social engineering attacks like BEC, EAC, ATO, and imposter fraud, by working inside the inbox to find and automatically remediate messages irrespective of whether they have an obvious payload. It does this using a combination of machine learning, natural language processing, and heuristics to combat the threat.

In my next blog, we’ll look at how Cyren Inbox Security uses these techniques to examine the forensic evidence in social engineering attacks and automatically remediates them from the inbox.