managernero.blogg.se

Canary mail exchange mail





Despite costing companies untold billions of dollars every year, email account compromise (EAC), business email compromise (BEC), and other email-based scams garner less attention, from defenders and media alike, than costly and often high-profile ransomware attacks. In today’s blog, we’re going to discuss the scope of email-based threats and offer guidance on what security teams can do about it.

Specifically, we’re going to talk about how Office 365 telemetry can help you detect email-based threats, and even more specifically about how we’re developing detection analytics that use Microsoft Unified Audit Logs to catch adversaries who attempt to forward email messages, a behavior associated with all varieties of email-based threats and a wide variety of other attack techniques. Additionally, we’re going to explain how you can leverage this telemetry source in your own environment, and we’ll also include some tests you can run to validate your detection coverage.

The problem, quantified as best we can

According to the FBI Internet Crime Complaint Center (IC3), BEC alone cost victims more than $43B between June 2016 and December 2021, a figure that only increases when you combine it with other email-based threats. Cost estimates for ransomware, on the other hand, are all over the place, with the IC3 (almost certainly under-)reporting $30M in losses in 2020. Another oft-cited (but unsubstantiated) report estimates that ransomware might have cost as much as $20B in 2021. Whatever the actual numbers are, the damages caused by email schemes are right on par with those caused by ransomware, and therefore we should probably make sure we’re not treating these email-based threats as an afterthought.

An example, so we can show you how to detect bad things

We’re focusing on just one variant of email compromise in this article, namely the variant in which an adversary leverages email forwarding rules. Let’s talk through how things might play out before we describe some detection and testing options. We’ll start at the point where an adversary has successfully logged into a victim’s mailbox.





