Webinar cover 3

Webinars

While you may be confident in your own email security, the truth is that your security is only as good as the security of your partners and vendors. Discover why vendor email compromise is such an important part of your security strategy.

Protecting Yourself From Your Supply Chain: A CISO Panel on Email Security

Supply Chain Compromise

Threat report 3

Threat Reports

Read the Q1 2021 threat report to learn the latest on vendor email compromise, including which scams are most successful and why the volume of attacks has grown so significantly.

Q1 2021: The Rising Threat of Vendor Email Compromise

Threat report 2

Attackers are leveraging social engineering to drive significantly higher engagement and account takeover. In the Q2 2021 threat report, Abnormal found that attacks are growing at significant rates, as threat actors leverage social engineering strategies to bypass SEGs and drive engagement.

Q2 2021: High-Profile Socially-Engineered Email Attacks Drive Record-High Employee Engagement & Fraud

Account Takeover

Business Email Compromise

Threat report 1

Cybercriminals upped their game over the last quarter—increasing the number of credential phishing attacks and account takeover attempts. In our quarterly threat report, Abnormal Security discovered significant increases in the number of brute force attacks and impersonation attempts.

Q3 2021: Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels

Resource Center: CISO Guide to Supply Chain Compromise

Top Bar

Webinar with Graham Cluley | Gone Phishing? Don't Let Your Employees Bite

Learn how you can stop never-seen-before socially-engineered attacks, enhance your end-user experience and automate SOC operations.

See a Demo [no image]

B Gartner Highlights 1

Analyst Research

The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.

2021 Gartner Market Guide for Email Security

Email Security

H1 threat report cover

From June-December 2021, Abnormal Security discovered that nearly all types of advanced email attacks grew  in frequency, with a new trend of phone fraud using email as the first contact.

H1 2022: Fraudsters Use Email in Phone Scams, Targeting 89% of Organizations

Resource 04 Threat Report

Threat Intel Reports

Our threat report on ransomware shares insight on attack methods, locations, payouts, and more across 4,200 victims.

The Evolution of Ransomware: Victims, Threat Actors, and What to Expect in 2022

Ransomware

Data sheet 2

Data Sheets

Abnormal Security's Integrated Cloud Email Security (ICES) blocks socially-engineered attacks that secure email gateways miss.

Integrated Cloud Email Security

Abnormal Platform

Webinar hacking tobac cover

Rachel Tobac talked to Abnormal Security's CISO Mike Britton about hacking, social engineering attacks, and how to protect your organization.

CISO Fireside Chat: Hacking and Cybersecurity in a New Era

Demo 2x 1

Demo

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Demo Request Page

Image

Schedule a Demo

Resource Center

Supply chain compromise attacks cost an average of $183.000. You should be prepared. 
In this white paper from Dr. Eric Cole at <a href="https://secure-anchor.com/about/" target="_blank" rel="noreferrer noopener">Secure Anchor</a>, learn how attackers leverage compromised accounts from vendors or partners to launch attacks that are specifically designed to bypass traditional email security. These attacks can cause substantial financial loss through invoice or payment fraud, or by providing access to the organization that results in a data breach.
Download this white paper to: 
<ul><li>Discover the various types of attacks launched from compromised vendors</li><li>Learn how these attacks are bypassing traditional email security</li><li>Understand which tools you can leverage to stop these attacks and protect your organization today</li></ul>
Fill out the form to receive your copy of the CISO Guide to Supply Chain Compromise today.
After reading this guide, you are eligible for .5 CPE credits through (ISC)².

Thanks for your interest in the CISO Guide to Supply Chain Compromise! <a href="https://cdn2.assets-servd.host/gifted-zorilla/production/files/CISO-Guide-Supply-Chain-Compromise.pdf">Click here</a> to download the PDF, or view the text below. To claim your (ISC)² CPE credit, please fill out <a href="https://docs.google.com/forms/d/e/1FAIpQLSeXpNB-pZ-mhmRUQCxme-d5JCj_4lDYyxVyRHiDBb2ypV5xfQ/viewform" target="_blank" rel="noreferrer noopener">this form</a>.

Supply chain compromise, sometimes known as vendor email compromise or VEC, is a significant security threat to enterprise organizations. This form of attack occurs when a threat actor gains control of a vendor email account and then uses it to steal money from known contacts. Supply chain compromise attacks are highly successful because they exploit trusted communications between vendors and customers through personalization and social engineering.
According to research from Abnormal Security, the percentage of companies that received a supply chain attack increased 156% from July 2020 to June 2021, as threat actors increasingly see communications between vendors and customers as the weakest link. Once they gain access to vendor accounts, it becomes easy to focus their efforts on supply chain attacks, as they are much more lucrative than traditional scams.
It’s clear traditional email defenses were not designed to stop socially-engineered attacks. Without a new approach, high-profile attacks such as SolarWinds and Colonial Pipeline, which we can surmise started with socially-engineered supply chain compromise campaigns, will continue to cause severe financial losses and reputational damage.

Supply chain compromise is not a monolithic type of attack and can take on many forms. Here are a few of the ways attackers leverage compromised accounts to steal money from organizations.
Invoice Fraud: The attacker uses the compromised account to send a fraudulent invoice. In many cases, this looks exactly like a real invoice and even includes the expected billing amount, as the attacker has access to the entire email account and can research past conversations. Typically, the only difference is that the banking details have been changed to an account in the attacker’s control.
Billing Account Update Fraud: Using the compromised account, the attacker sends a notice about a recurring payment or outstanding invoice, indicating that the recipient must update payment details to an account under their control. These attacks use similar phrases like “bank reconciliation audit” and needing to send money to a “secondary bank account.”
Payment Fraud: Payment fraud is defined as any compromised vendor email account that attempts to steal money and/or goods from a target through means that don’t involve a specific invoice or payment transaction. Payment fraud attacks can take different forms, including RFQ scams, aging report scams, or invoice inquiries, where the attacker asks for details about an upcoming payment.
RFQ Scams: 
An RFQ scam starts with the attacker emailing the supplier for a specific set of merchandise. After the vendor responds, an official-looking purchase order is then delivered containing the logo, contact information, and, most importantly, the delivery information for where the goods are to be shipped. Attackers will often use the real information of companies they have compromised in order to pass credit checks so they can receive the goods on credit. If successful, this concludes with the goods being shipped to the attacker (rather than the compromised vendor) and no payment is made for the goods in question.
It’s worth noting that supply chain compromise attacks can take many other forms and often do—these attacks can be part of larger credential phishing or account takeover schemes and can have dire consequences for both organizations involved.

The FBI’s Internet Crime Complaint Center (IC3) actively tracks financial losses from business email compromise (BEC) attacks, of which supply chain compromise is part. The 2020 Internet Crime Report revealed that BEC crimes cost businesses $1.86B, with an average of $96,000 per complaint. This data, however, is based on complaints after attacks were successful. According to research by Abnormal Security, the impact of supply chain compromise is much higher than the average BEC attack—likely because these attacks utilize compromised accounts and are thus much harder to detect.
<ul><li>The average potential cost of a supply chain compromise attack is $183,000.</li><li>Billing account update fraud is the costliest form, accounting for an average of $300,000 per attack.</li><li>The average potential cost of invoice fraud is $120,000 with a maximum of $466,000 identity and prevented. </li></ul>

To stop supply chain compromise, there needs to be a fundamentally different approach to the problem. The old approach relies on threat intelligence as a means of detecting and preventing all attacks. Unfortunately, threat intelligence has known limits to what it can stop.
Secure email gateways look for known bad or indicators of compromise, like bad reputation, suspicious links, or malicious attachments. But since supply chain compromise attacks do not make use of these tactics, they evade conventional defenses.
For many organizations, security awareness training is used to train employees to spot discrepancies so they can determine whether or not the email is fraudulent. However, with supply chain compromise attacks, the emails come from real accounts and contain legitimate business information, adding to the credibility of the request. As a result, employees find it difficult—if not impossible—to detect when a supply chain compromise attack is underway.
Additionally, real email accounts are sent from legitimate domains that are likely to pass email authentication protocols like DMARC. As a result, if they are compromised, the email attacks sent from the account will not be stopped by authentication defenses that look for misaligned DMARC configurations or domain spoofing.

Vec compromised account

To counter these highly sophisticated attacks through trusted communications, large enterprise organizations need the right technical controls to identify vendors that have been compromised. This approach includes:<ul><li>API Architecture: One that connects into Microsoft Office 365 and G Suite via an API, and in doing so, it gives a solution access to signals and data that are needed to detect suspicious activity such as unusual geolocations, IP addresses, mail rule filter changes, unusual devices, and more.</li><li>Behavioral Data Science Approach: A fundamentally different approach that leverages behavioral data science to profile and baseline good behavior to detect anomalies. Using identity modeling, behavioral and relationship graphs, and deep content analysis, a behavioral data science approach provides unparalleled detection intelligence to stop emails that include suspicious financial requests such billing account updates, suspicious links used to phish credentials from employees, and invoices that contain unusual amounts or never-seen-before bank account information.</li><li>Federated Database of Vendor Behaviors: One that continuously monitors communications between vendors and customers, and provides a real-time, stateful risk assessment enabling the behavioral data science approach to stop targeted and sophisticated supply chain attacks.</li></ul>

Supply chain compromise is a rising, financially damaging threat. By exploiting the trust organizations place in their vendors, these attacks dupe both humans and traditional email security tools that rely on threat intelligence. Stopping these attacks requires implementing a solution that can detect and interpret the thousands of signals available through an API that can indicate that these emails from compromised accounts are attacks. As Albert Einstein said, “we cannot solve our problems with the same level of thinking that created them."
Interested in stopping supply chain compromise? <a href="https://abnormalsecurity.com/demo?PS=organic%20website">Request a demo</a> to learn how.

CISO Guide to Supply Chain Compromise

Wave dark green 4 FINAL

B 03 25 22 CISCO Guide to VEC

White Papers

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

Download the white paper to learn which types of fraud are encompassed in supply chain compromise and why it costs an average of $183,00 per attack.

description

generator

attacks, compromise, cause, launch, specifically, substantial, financial, loss, invoice, leverage, compromised, accounts, vendors, designed, bypass

keywords

https://optimise2.assets-servd.host/gifted-zorilla/production/images/resources/T-03.25.22-CISCO-Guide-to-VEC.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1649439749&s=1fec2f122a30ad3211b0d9b024eecae3

https://abnormalsecurity.com/resources/ciso-guide-supply-chain-compromise

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/resources/T-03.25.22-CISCO-Guide-to-VEC.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1649439749&s=3c6675a9a244e77825be381d2052db2b

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"CISO Guide to Supply Chain Compromise | Abnormal"}}

Supply chain compromise attacks can cause substantial financial loss through invoice or payment fraud. Learn how and why attackers leverage compromised accounts from vendors to launch attacks that are specifically designed to bypass traditional email security.

B 05 03 22 Using Modern Email Security Webinar

Secure email gateways (SEGs) focus on searching for known bad domains, attachments, and links. But threat actors have changed their tactics—opting to deceive humans instead of technology. It’s time for a modern solution to the email security problem, one that detects and prevents these attacks.

Using Modern Email Security to Block What Your SEG Can’t

Resource 05 Webinar

With the rise of modern attacks such as supply chain compromise, executive impersonation, and account takeover, it's become obvious: the SEG no longer works. Learn what you need for complete defense in depth protection.

Is Your Secure Email Gateway Really Necessary? Blocking the Attacks Your SEG Never Could

Microsoft 365

B 03 21 22 CSC Customer Story

Customer Stories

While CSC Generation has robust security measures in place, unfortunately, the same couldn't be said for their vendors. To mitigate the risk of payment fraud via compromised vendor accounts, the organization added Abnormal to their security stack and the results spoke for themselves.

Abnormal Security Protects CSC Generation Retail Brands From Compromised Vendors

B 04 14 22 CISCO Guide to Phishing

Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Stopping them before they reach employee inboxes is the key to staying safe.

CISO Guide to Phishing

Colonial Pipeline. CNA Financial. Quanta. Even the NBA. Hardly a week goes by without a ransomware story hitting the news, as organizations worldwide are targeted by an attack. But are there more dangerous threats out there?

Ransomware and BEC in the Cyber Threat Landscape: Past vs. Present, Perception vs. Reality

Everise case study cover

By mid-2021, Everise had more than 11,000 employees to meet new demand for outsourced services. But the shift to remote work brought new email security risks. “Our people are good at what they do, but they’re not email security specialists, and attackers know that."

Everise Leverages Globally Dispersed Workforce to Deliver New Client Solutions

Resource 03 COATS

With Abnormal ICES layered over Microsoft Defender, Coats employees are free to focus on continuing the company’s 250-year tradition of innovation, rather than sorting through emails and trying to assess the risks.

Coats Optimizes Its Extensive Supply Chain Security, Protecting Customers and Vendors

Ransomware victims webinar cover

Ransomware has gotten a lot of attention in 2021, primarily due to the disruption attacks have caused to supply chains around the world. From Colonial Pipeline to Quanta, ransomware has made headlines and shows little sign of slowing down.

Ransomware Methodology, Victimology, and What to Expect in 2022

Threat Intel

Abonrmal overview cover

Abnormal provides a fundamentally-different approach to email security that precisely blocks all email attacks.

CISO Guide to Supply Chain Compromise

Download Now

See the Abnormal Solution to the Email Security Problem

Related Resources