One Article Review

Home - The article:
Source: Proofpoint
Identifier: 8419043
Publication date: 2023-12-04 07:10:47 (viewed: 2023-12-04 16:07:57)
Title: Cybersecurity Stop of the Month: Using Behavioral AI to Squash Payroll Diversion
Text: This blog post is part of a monthly series exploring the ever-evolving tactics of today's cybercriminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain, stopping the initial compromise, in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today's dynamic threat landscape.

[Figure: The first three steps of the attack chain: stop the initial compromise.]

In our previous posts, we have covered these attack types:
- Supplier compromise
- EvilProxy
- SocGholish
- E-signature phishing
- QR code phishing
- Telephone-oriented attack delivery (TOAD)

In this installment we examine a payroll diversion threat that Proofpoint detected during a recent threat assessment. We also cover the typical attack sequence of payroll fraud and explain how Proofpoint uses multiple signals to detect and prevent these threats for our customers.

Background

Business email compromise (BEC) continues to grow in popularity and sophistication. The 2022 FBI Internet Crime Report notes that BEC attacks cost U.S. businesses $2.7 billion last year. The global figure is no doubt much higher. Ransomware victims, in contrast, lost just $34 million.

Payroll diversion is a form of BEC. Typically, employees who have direct access to fulfilling payroll-related requests are prime targets. In these attacks, a bad actor pretends to be an employee who needs to update their direct deposit information. The new information is for an account that the bad actor owns. Once the fraudulent request is complete, the lost funds cannot be retrieved by the business.

Payroll diversion fraud isn't a new form of BEC, but the frequency of this type of attack is on the rise. Proofpoint continues to see this type of threat getting through the defenses of other email security tools. Across all of our October 2023 threat assessments, we found that more than 400 of these threats got past 12 other email security tools.

There are a few reasons why it's difficult for a lot of email security tools to detect or remediate these threats. The primary reason is that they don't usually carry malicious payloads like attachments or URLs. They also tend to be sent from personal email services, like Google, Yahoo and iCloud, and target specific users.

Notably, API-based email security tools that scan for threats post-delivery are the most likely to miss this type of threat or fail to remediate it. This partly comes down to how they work. To be effective, they need security and IT teams to manually populate them with a dictionary of the possible display names of all employees, which is a very time-consuming effort that is hard to scale.

To avoid this, many organizations simply choose to enable display name protection for their senior executives only. But bad actors behind payroll diversion don't just impersonate executives; they target anyone in the organization who can access corporate funds. In our example below, an attacker took advantage of this exact weakness.

The scenario

Proofpoint detected a payroll diversion attempt where the attacker posed as a non-executive employee. The email was sent to the director of human resources (HR) at a 300-person company in the energy and utilities industry. The company's incumbent email security tool delivered the message, and its API-based post-delivery remediation tool failed to detect and retract it.

The threat: How did the attack happen?

Here is a closer look at how this payroll diversion scam unfolded:

1. The deceptive message: The attacker sent a request to update their direct deposit information from an account that appeared to be a legitimate employee's personal email account.

[Figure: The original malicious message delivered to the recipient's inbox.]

2. Payroll diversion attack sequence: If the recipient had engaged, the attacker's goal would have been to convince them to trans
Sent: Yes
Tags: Ransomware, Tool, Threat
Stories: Yahoo
Notes: ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.