Spam is a primary delivery tool for cyber crooks. (Duncan Alfreds, Fin24)
Cape Town - C-level executives are the main targets of spear phishing cyber scams which are aimed at stealing money from companies, an international survey has revealed.
Business email compromise (BEC) scams cost companies in excess of $2.3bn, an international survey has revealed.
Data from the US Federal Bureau of Investigation showed that 12 000 enterprises globally have been affected by spear phishing scams.
These cyber attack strategies rely on social engineering. A cyber crook typically sends an official-looking email to the finance department of an organisation demanding that payment be urgently made to a service provider.
According to data from security firm Trend Micro, chief executives are impersonated 31% of the time, followed by company presidents at 17% and managing directors at 15%.
“The number of BEC victims increased by 270% during the first eight months of 2015, amounting to an average loss of $130 000 per scam,” said Trend Micro.
Predictably, the most targeted position for BEC scams is chief financial officer at 40.38%, followed by director of finance at 9.62% and financial controller at 5.77%.
Trend Micro also showed that subject lines in the attack email were simple. The most popular subject simply indicates a dated payment or transfer request.
“Despite the great impact BEC schemes have created, analysing the flow of the attacks reveal that its components are surprisingly trivial. Analysis of the email subjects used in BEC schemes revealed that most are simple and vague, at times composed only of one word,” said the security firm.
South African businesses are unprepared for the impact of cybercrime.
“Worldwide, digital technology continues to transform the world of business by exposing organisations to a multitude of opportunities and threats. It is, therefore, not surprising that cybercrime continues to escalate rapidly, ranking as the second-most reported crime in South Africa,” said Graham Croock, director of IT Audit, Risk and Cyber Lab at BDO South Africa.
While banks dominate the financial eco-system, cyber criminals have realised that businesses offer lucrative returns for hacking.
“Although banks are obviously a lucrative target, criminals don’t target them exclusively. They target money,” Gerhard Oosthuizen, chief information officer of Entersekt told Fin24.
“One of the big new trends in 2016 is criminals going after individuals and businesses directly. Banks spend a lot of time focusing on and thinking of how they can protect their customers. With a direct attack on a non-bank entity, that additional protection layer is gone,” he added.
Trend Micro showed that cyber hacking tools are low cost for criminals, lowering the barrier to entry.
“Most malware used in BEC schemes are off-the-shelf variants, ones that can be easily purchased online for a cheap price. Some malware can be bought for as much as $50, while some are far cheaper, or even available for free,” said the company.
Prices for backdoor tools range from HawkEye at $35 to Knight Logger at $25, while DarkComet is free. Malicious encryption tools cost between $25 and $60.
Trend Micro advised business executives to carefully check details on payment requests, verify vendors, and raise employee awareness as strategies to beat cyber crooks.