Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
Barely a day goes by without headlines shrieking of yet another massive ransomware attack. The criminals behind these attacks seem to be getting more audacious with every successful exploit. Ransomware threats are escalating beyond everyone’s expectations.
Just in the last couple of months we have seen US-based Colonial Pipeline pay US$4.4 million to ransomware attackers. This was quickly followed by the global meat group JBS forking out a US$11 million ransom payment. However, these sums are dwarfed by the eye-watering US$50 million (reduced from US$70 million) being demanded by the Russia-based REvil ransomware gang to supply a universal decryption key that would unlock all organisations impacted by the Kaseya attack.
There is no doubt that ransomware attacks represent a major threat. Apart from resulting in crippling costs and major disruption that can destroy businesses, governments around the world are also increasingly worried. When ransomware gangs turn their attention to critical infrastructure, they have the ability to bring an entire country to its knees.
That risk has Australian policymakers deeply concerned. In an effort to stem the tide of ransomware attacks against Australian organisations, which have reportedly increased by 200 per cent in recent times, the Government has launched its Act Now Stay Secure public awareness campaign. Proposed legislation would empower Government agencies to lead incident response efforts in the event of an attack against a private organisation that impacts the nation. The Opposition is calling for mandatory reporting of ransomware attacks and the insurance sector is warning that it will no longer be able to reimburse policyholders that make ransom payments to cyber criminals.
With all this focus on ransomware, one could be forgiven for thinking that it’s the only threat businesses face. However, the evidence indicates otherwise.
According to the FBI’s recent Internet Crime Report 2020, Business E-mail Compromise (BEC) attacks are significantly more costly than ransomware. In the United States, there were 19,369 reports of BEC attacks, costing approximately US$1.8 billion. In contrast, there were 2,474 ransomware reports, costing approximately US$29 million in 2020.
Based on these figures, it would seem that BEC attacks cost 64 times more than ransomware attacks.
Even allowing for the fact that these statistics only capture reports made to the FBI via the IC3, and that many organisations remain reluctant to report ransomware incidents, there is no doubt that BEC attacks are a major threat to many organisations.
With mounting evidence pointing to the huge costs of BEC attacks, some are starting to question whether there is a disproportionate focus on ransomware.
BEC attacks are launched by sophisticated cyber criminals. Like ransomware gangs, they possess mature attack methodologies. Both BEC attackers and ransomware gangs are typically financially motivated, and both types of attack can be crippling for victims. Yet the focus of policymakers, cyber security professionals and the public more broadly seems to be overwhelmingly on ransomware.
However, ignoring the threat posed by BEC attacks is a huge mistake.
Whereas ransomware is often perceived to require technical solutions that prevent malware from infecting networks, the reality is that both ransomware and BEC attacks seek to exploit human error. In BEC attacks, the criminals compromise or impersonate email accounts, which they use to deceive Accounts Payable (AP) teams into transferring funds to a bank account controlled by the attacker. In many ransomware attacks, the infection of a network starts with an employee accidentally clicking on a link or opening an attachment in a malicious email.
In other words, both ransomware and BEC attacks target people as the weakest link in an organisation's defences.
If, as a society, we collectively manage to stem the ransomware tide, it won’t suddenly mean the ransomware gangs disappear. It is highly likely they will shift focus. Many could turn their attention to BEC attacks as a lucrative alternative attack vector.
Therefore, whilst additional efforts are undoubtedly required to stop ransomware, we simultaneously need to be adopting strategies that undermine the BEC business model.
eftsure is a fraudtech platform that enables you to verify the banking details you are using to process EFT payments to suppliers. This is achieved by cross-matching the banking details against a database comprising in excess of 2 million Australian organisations.
By verifying that the supplier banking details in your possession align with those used by other organisations to pay the same supplier, you gain assurance that you are paying the intended recipient.
This verification step is required because the banks do not check that the Account Name matches the BSB or Account Number on a payment: a transfer to an attacker-controlled account will go through even if the supplier's name is on it. This gap is what BEC actors rely on to deceive your AP team, and by closing it eftsure undermines the BEC business model.
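The cross-matching step described above, shown as an added illustration in Python. This is not eftsure's code: the PayeeRecord type, the verify_payment function, the corroboration threshold and the reference records are constructed assumptions standing in for a real payer database.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PayeeRecord:
    supplier: str      # supplier as named in a payer's vendor master file
    account_name: str  # name on the bank account
    bsb: str           # Australian six-digit branch code, with or without hyphen
    account_no: str


def _norm(value: str) -> str:
    """Strip punctuation and spaces, upper-case, so '062-000' equals '062000'."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


# Constructed reference data (not real records) standing in for the details
# other organisations have used to pay the same supplier.
REFERENCE = [
    PayeeRecord("Acme Supplies Pty Ltd", "ACME SUPPLIES PTY LTD", "062-000", "12345678"),
    PayeeRecord("Acme Supplies Pty. Ltd.", "Acme Supplies Pty Ltd", "062000", "12345678"),
    PayeeRecord("ACME SUPPLIES PTY LTD", "ACME SUPPLIES PTY LTD", "062000", "12345678"),
]


def verify_payment(instruction: PayeeRecord, reference=REFERENCE, min_matches=2) -> dict:
    """Cross-match a payment instruction against the reference records.

    Banks do not check Account Name against BSB/Account Number, so a
    redirected invoice can carry the genuine supplier name over an
    attacker-controlled account. The control here does not trust the name:
    the (BSB, account number) pair must be one that other payers have used
    for this supplier, corroborated by at least min_matches records.
    """
    supplier = _norm(instruction.supplier)
    known = [r for r in reference if _norm(r.supplier) == supplier]
    if not known:
        return {"status": "UNVERIFIED", "reason": "no reference records for supplier", "matches": 0}
    target = (_norm(instruction.bsb), _norm(instruction.account_no))
    matches = sum(1 for r in known if (_norm(r.bsb), _norm(r.account_no)) == target)
    if matches == 0:
        # Classic BEC outcome: a "new" account for a well-known supplier.
        return {"status": "MISMATCH", "reason": "BSB/account never seen for this supplier", "matches": 0}
    if matches < min_matches:
        return {"status": "LOW_CONFIDENCE", "reason": "too few corroborating records", "matches": matches}
    names = {_norm(r.account_name) for r in known}
    if _norm(instruction.account_name) not in names:
        return {"status": "REVIEW", "reason": "account name differs from reference", "matches": matches}
    return {"status": "VERIFIED", "reason": "details corroborated", "matches": matches}
```

A MISMATCH verdict is the signal to hold the payment and confirm the change with the supplier through a known-good channel rather than by replying to the email that requested it.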
Ultimately both ransomware and BEC attacks are growing threats. The path to security requires organisations to possess the ability to simultaneously counter both threats. Contact us today for a demonstration of how eftsure can help you mitigate the risk of BEC attacks.