J2 Software supports global reports of alarming increase in numbers of e-mail attacks: South Africa is no exception
Unquestionably the insider threat is real and most cyber attacks are a result of someone who is already inside the firewall, says John Mc Loughlin, MD, J2 Software.
On the 11th June, 2018, it was reported that the FBI had made 74 arrests in a global crackdown on e-mail fraud scams, in which criminals have attempted to steal billions of dollars from businesses and individuals. J2 Software notes South Africa is not immune.
John Mc Loughlin, MD, J2 Software, says this growing trend can be attributable to clearly identifiable factors and particularly with e-mail scams many companies resort to blaming the user and not looking at the bigger picture.
"The reports surrounding this latest swoop by the FBI highlights cases involving a growing type of fraud known as business e-mail compromise.
"This type of scam targets employees with access to corporate finances. Criminals send e-mails that appear to be from trusted sources like corporate executives or vendors instructing targeted employees to wire funds to accounts controlled by them," says Mc Loughlin.
He expands that real visibility provides insights into actual behaviour.
"In the last few days alone we have seen a newly styled e-mail-borne attack that alerted us to a problem on one of our customer's user's inbox. It was well crafted, addressed to the user, highly targeted and well researched. It was an exceptionally devious attack."
Mc Loughlin says the first e-mail approach from the criminals came from what appeared to be the CEO, instructing the user to interact with a new entity.
"Minutes later the second e-mail arrived from the third party instructing the user on how to move ahead. Luckily our customer's employee was not duped, knowing the policies, procedures and armed with cyber security awareness, the attack was destroyed before it even began. The attack type, mail address and formats have been added to our library of threat intelligence to ensure prevention in the future," says Mc Loughlin.
He concludes that the truth is that if this attack had presented a year ago the result would have been quite a different matter. They would have been breached and they would have lost the money.
"One of the things companies must stop doing is simply to blame the users. Unquestionably the insider threat is real and most cyber attacks are a result of someone who is already inside the firewall. With no awareness, visibility and no support from the professionals, it is like giving a man a knife and sending him into a gun fight."