
'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks

Researchers from Avanan, a Check Point company, have identified a new wave of business email compromise (BEC) attacks, which they refer to as "BEC 3.0." 

In these attacks, cybercriminals sign up for free accounts with legitimate services and use email addresses from domains that are unlikely to be flagged by scanning tools. This evolution in phishing tactics demonstrates how cybercriminals continue to adapt and evade security measures as detection improves. 

The researchers have also found evidence of similar attacks sent through PayPal and Google, as well as earlier attacks sent from legitimate QuickBooks accounts. 

These attacks are coupled with carefully written and socially engineered emails that lack the typical bad grammar or typos found in phishing emails. This makes them more difficult for users to spot, as the sender's address, links, spelling, and grammar are all legitimate, deviating from typical phishing hygiene tricks. 

Phishing remains a primary initial access vector, helped by attackers' increasing use of legitimate SaaS and cloud offerings, such as LinkedIn, Google Cloud and AWS, to host malicious content or to direct users to it. 

In the recent QuickBooks attack, victims are informed about the renewal of Norton LifeLock subscriptions and are prompted to call a phone number for verification or cancellation. This detail may not raise suspicion even among savvy email users, as Norton LifeLock is commonly used by both consumers and businesses. 

The phishing campaign in question not only harvests payment credentials but also victims' phone numbers for future attacks via chat apps like WhatsApp. The attackers are adept at creating messages that are convincing to end users and difficult for security protections to detect, as they come from legitimate sources like QuickBooks. 

By placing malicious content inside a trusted container, such as a legitimate website or a notification sent by a legitimate service, the attackers can easily evade detection by security services. Standard checks like sender domain reputation, SPF, and DMARC all pass, because the mail really does come from the service, so they are not effective in detecting these attacks, which makes them highly deceptive and challenging to prevent. 
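As an added illustration, not part of the original post or of Avanan's research, the following Python heuristic shows in code why passing SPF/DMARC is not evidence of a safe message here: it parses a raw message, records which authentication checks passed, and then flags mail from trusted invoicing platforms that carries the callback-lure pattern described above (a renewal or cancellation pretext plus a phone number to call). The trusted-domain set, the keyword list and both sample messages are constructed for this example and are not real campaign artifacts.

```python
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

# Assumed allowlist of invoicing/payment SaaS senders. Mail from these domains
# normally passes SPF/DKIM/DMARC, so authentication alone says nothing about
# whether the invoice text itself is a lure.
TRUSTED_SAAS_DOMAINS = {"quickbooks.com", "intuit.com", "paypal.com"}

# A callback lure combines an urgent subscription pretext with a phone number
# to call; these word lists are constructed for the example.
CALLBACK_KEYWORDS = re.compile(
    r"\b(renew(al|ed)?|cancel(lation)?|verify|charged|auto[- ]?renew)\b", re.I)
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AUTH_PASS_RE = re.compile(r"\b(spf|dkim|dmarc)=pass\b", re.I)


def sender_domain(msg: EmailMessage) -> str:
    """Return the lower-cased domain of the From: address ('' if absent)."""
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_trusted_saas(domain: str) -> bool:
    """Match the sender domain or any of its subdomains against the allowlist."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_SAAS_DOMAINS)


def auth_passed(msg: EmailMessage) -> set:
    """Collect the mechanisms reported as 'pass' in Authentication-Results."""
    results = msg.get_all("Authentication-Results", [])
    return {m.group(1).lower() for r in results for m in AUTH_PASS_RE.finditer(str(r))}


def callback_lure_score(raw: str) -> dict:
    """Parse a raw RFC 5322 message and report callback-lure indicators.

    The message is 'suspicious' when it comes from a trusted SaaS domain
    (so it is authenticated and reputationally clean) yet carries at least
    two lure keywords and a phone number to call.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    phones = PHONE_RE.findall(text)
    keywords = {k.group(0).lower() for k in CALLBACK_KEYWORDS.finditer(text)}
    domain = sender_domain(msg)
    findings = {
        "from_domain": domain,
        "trusted_saas": is_trusted_saas(domain),
        "auth_passed": auth_passed(msg),
        "phone_numbers": phones,
        "lure_keywords": sorted(keywords),
    }
    findings["suspicious"] = (
        findings["trusted_saas"] and bool(phones) and len(keywords) >= 2
    )
    return findings


# Constructed sample: a callback lure delivered through a legitimate notifier.
LURE = """From: "QuickBooks" <quickbooks@notifications.intuit.com>
To: accounts@example.com
Subject: Invoice 1042: Norton LifeLock annual renewal
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=intuit.com; dkim=pass; dmarc=pass header.from=intuit.com

Your Norton LifeLock subscription has been renewed and $349.99 was charged.
To cancel or verify this charge call 1-800-555-0199 within 24 hours.
"""

# Constructed sample: an ordinary invoice from the same notifier.
BENIGN = """From: "QuickBooks" <quickbooks@notifications.intuit.com>
To: accounts@example.com
Subject: Invoice 1043 from Acme Consulting
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=intuit.com; dkim=pass; dmarc=pass header.from=intuit.com

Acme Consulting sent you an invoice for $1,200.00 due on 2024-05-31.
Review and pay it in QuickBooks.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, callback_lure_score(raw))
```

Both samples pass SPF, DKIM and DMARC and share the same sender domain, so a gateway that stops at authentication treats them identically; only the content-level rule separates them. In production the keyword and phone patterns would be tuned per tenant and combined with the independent-verification policy the post recommends rather than used as a standalone block rule.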

To counter the evolving tactics of attackers in phishing attacks, organizations need to enhance their security protections and educate employees about new types of phishing attacks, such as BEC 3.0. This may involve changing the approach to employee education, such as being cautious of all links and verifying phone numbers through Google searches. 

Implementing policies for independent verification of actions requested in BEC emails and data-protection policies can also help detect suspicious activities. Additionally, utilizing browser security that traces links through their intended actions can be beneficial in preventing compromise from advanced phishing attacks.