Social engineering is present in 90% of phishing attacks Today. However, Business Email Compromise (BEC) attacks stand out in the cybercrime industry due to their emphasis Social engineering and the art of deception.
Part of what makes social engineering such an important part of BEC and other types of phishing attacks is its ability to manipulate human levers to achieve a desired outcome. Often, social engineers create a false sense of urgency, push victims into a heightened emotional state, or capitalize on existing habits or routines to get their victims to behave in a way that might otherwise be unusual.
By examining common social engineering tactics and prevalent threat groups, organizations can better defend against these attack vectors.
4 groups of threat actors to monitor
Social engineers often target corporate executives, senior executives, finance managers, and human resources personnel to gain access to sensitive information, such as Social Security numbers, tax returns, or other personally identifiable information. New employees, who may be more susceptible to checking for unfamiliar email requests, are also at risk.
To defend against BEC attacks, organizations must stay up-to-date on the latest threat intelligence and adversary activity. Below are four major threat groups that leverage social engineering and BEC to cause harm.
-
Eight Storms: This financially motivated collective of native English-speaking threat actors is known for launching wide-ranging campaigns that highlight opponent techniques in the middle (AiTM)., social engineering and SIM swapping functionality. First spotted in early 2022, the group initially targeted mobile telecommunications and business process outsourcing organizations with SIM swaps. However, it has since partnered with ALPHV/BlackCat, a human-run ransomware-as-a-service (RaaS) operation, to make a bigger impact.
-
Diamond sleet: In August 2023, Diamond Sleet conducted a software supply chain attack against German software vendor JetBrains that compromised servers for software creation, testing, and deployment processes. Because Diamond Sleet has successfully infiltrated construction environments in the past, Microsoft believes this activity poses a particularly high risk to affected organizations.
-
Sangria Storm: Also known as FIN, Sangria Tempest often targets the restaurant industry to steal payment card data. One of the group’s most effective lures is to accuse restaurants of food poisoning by sending a malicious email attachment with further details. This Eastern European group uses underground forums to recruit native English speakers and train them on how to get attention via email. Sangria Tempest managed to steal tens of millions of payment card data through this process.
-
Midnight storm: Midnight Blizzard is a Russia-based threat actor that primarily targets governments, diplomatic entities, non-governmental organizations (NGOs), and IT service providers in the United States and Europe. The group leverages Teams messages to send decoys that attempt to steal credentials from targeted organizations by engaging users and getting multi-factor authentication (MFA) requests approved.
How to protect yourself from social engineering fraud
Social engineering is generally a long scam. These types of attacks can require months of labor-intensive planning and research as adversaries try to build a solid foundation of trust with their victims. Once this trust is established, social engineers can manipulate victims into taking certain actions that would otherwise be out of character.
There are many ways organizations can protect themselves from social engineering fraud. First, employees should keep their personal and work accounts separate. When people use work email for personal accounts, threat actors can take advantage of this by impersonating these programs and trying to gain access to their business information. Organizations should also enforce the use of MFA, as social engineers often target login credentials. However, it is important to note that MFA is not a perfect solution. Attackers are increasingly using SIM exchange to compromise phone numbers used for MFA. Organizations can remedy this risk by using an authenticator app to link MFA to a user’s device rather than her phone number.
Next, organizations should educate users about the danger of oversharing personal information online. Social engineers need their targets to trust them for their scams to work. If they can find personal details from an employee’s social media profile, they can use those details to make their scams seem more legitimate.
Finally, protect company computers and devices with endpoint security software, firewalls and email filters. If a threat manages to reach a company device, protection will be in place to help safeguard your information.
Ultimately, social engineers are constantly looking for new ways to make their attacks more effective. By monitoring ongoing threat intelligence and ensuring defenses are up to date, organizations can better prevent social engineers from using previously successful attack vectors to compromise future victims.
– To know more Partner perspectives from Microsoft Security