Abnormal Knowledge Bases: Using VendorBase to Prevent Vendor Email Compromise Attacks

Discover how Abnormal provides detailed risk assessments based on vendor email analysis with VendorBase.
December 21, 2022

Organizations spend hundreds of thousands of dollars increasing their security posture to protect against the constant threat of cyberattacks, all of which could cause financial loss, damage to brand reputation, or data loss. But what happens when attackers focus less on you and more on your supply chain? What can you do about the attackers who are targeting you, using real accounts of the vendors with which you do business?

Since its initial identification in 2013, executive impersonation has been the most popular type of business email compromise, as attackers often impersonate the CEO. But over the past few years, attackers have started adjusting their strategies—opting to impersonate third-party vendors and suppliers instead.

Supply chain email compromise, often referred to as vendor email compromise or VEC, is an attack strategy that involves the impersonation of a trusted vendor to gain access to company funds, intellectual property, employee information, or customer data. Attackers may use domain spoofing, user impersonation, or stolen credentials of compromised accounts to engage with organizations.

In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time. This trend has continued each month since, with third-party impersonations making up 52% of all BEC attacks in May 2022. Part of this increase can be attributed to the fact that there are multiple ways for attackers to target organizations through their vendors, including aging report attacks and blind third-party impersonation using information gathered from the public domain.

How Abnormal Stops VEC Attacks

Abnormal’s approach to cloud email security goes beyond simply identifying your employees and assessing the risk for each one. Instead, Abnormal analyzes communications between all senders and recipients, including the vendors in your supply chain.

Using our behavioral AI, machine learning models, natural language processing, and computer vision, we can establish a baseline of communication patterns, track invoice information such as banking details, and analyze the relationship between vendor and organization. Our in-depth content analysis allows us to inspect every email's tone, intent, attachments, and URLs to determine the risk score of the message and provide a risk assessment of the vendor. By understanding normal behavior, Abnormal can detect when changes have occurred across the supply chain and use that risk information to make decisions on incoming messages.

Increase Your Visibility With VendorBase

Abnormal centralizes the email analysis information of your vendors in a Knowledge Base called VendorBase™. VendorBase is a global, federated database that tracks the reputation of every vendor across all Abnormal customers, providing deeper insight and visibility into each vendor’s email activities. By correlating data across all customers, Abnormal can detect when a vendor may be at higher risk for one customer and use that information to block emails from that same vendor for another customer.

VendorBase gives Abnormal customers access to the signals used as part of our behavioral AI for every vendor. This includes:

  • Profile information
  • Relationship analysis, including vendor contacts and internal recipients
  • Common vendor locations and IP addresses
  • Risk assessment scores with in-depth insights
  • Timeline of malicious email activity, including attacks targeting the Abnormal community

In this example, you can see the information Abnormal has gathered about Prolia Systems.

The risk assessment of each vendor is computed using signals related to the vendor's identity and behavior, as well as the content of each message. The computation also incorporates reports from all Abnormal customers. This information is included in VendorBase and is available to all Abnormal customers.

How VendorBase Can Help Your Organization

Before VendorBase, organizations lacked a tool that would offer them clear visibility into the risk of their supply chain, making it difficult to detect email attacks. And because these attacks are often sent from legitimate vendor accounts, they can cause severe loss to organizations.

With Abnormal, preventing supply chain compromise is easy and does not require manual configuration. With our cloud-native, API-based approach, there is no delay in email delivery time, and all inspection and scanning are performed in memory.

Abnormal natively integrates into your cloud office environment, assesses signals about your employees and vendors, and continuously establishes baselines of “known good” behavior throughout the environment. When an email deviates from this baseline, Abnormal automatically remediates the message and thwarts the attack, protecting your organization from both vendor fraud and the full spectrum of attacks.

Want to learn more about VendorBase? Request a personalized demo today to see the product in action.
