Understanding Payload-Less Email Attacks
Email has long been the chief vector for cyberattacks. Email-based attacks typically arrive as phishing links or malicious files that victims are tricked into clicking. In the current threat landscape, however, threat actors evade detection by leaving malicious files out of their attacks and relying on extremely sophisticated social engineering techniques instead. The most significant among these attacks is Business Email Compromise (BEC) or Email Account Compromise (EAC).
The big picture
BEC or EAC does not require any phishing links, malware, or ransomware. The content of the email is simple and the attacks are customized for the victims. As a result, losses keep rising even though employees possess general email-security awareness.
- For instance, the Florentine Banker gang managed to trick three British private equity firms into transferring a total of $1.3 million to them by impersonating a closed investment deal with a few startups.
- Last December, another similar man-in-the-middle attack was conducted, resulting in the theft of $1 million from a Chinese venture capital firm.
Some statistics your way
- According to an FBI report, the past 2 years witnessed a 136% increase in financial losses from BEC attacks alone.
- The month of April 2020 saw a 90% increase in COVID-19-related email attacks, along with an increase of 150% in COVID-19-themed spam.
How to stay safe
- Conduct identity modeling of both external and internal customers, vendors, and partners.
- Make relationship graphs to comprehend the strength, tone, and content of the communication.
- Use threat intelligence, deep URL analysis, and natural language processing to perform email content analysis.
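One way to combine the three measures above into a single check on a message that carries no link or attachment, as an added example that is not from the original article. The identity table, relationship counts, phrase list (a stand-in for a real NLP model), addresses and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed identity model: display name -> addresses that person really uses.
KNOWN_IDENTITIES = {"dana reyes": {"dana.reyes@vendor.example"}}
# Constructed relationship graph: (sender, recipient) -> prior message count.
RELATIONSHIPS = {("dana.reyes@vendor.example", "ap@corp.example"): 42}
# Assumed phrase list standing in for an NLP intent model.
INTENT = re.compile(r"\b(wire transfer|bank details|new account|urgent|today|confidential)\b", re.I)

def score_message(raw):
    """Return (score, reasons) using headers and body text only."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0]
    sender, recipient, reply_to = (
        parseaddr(msg.get(h, ""))[1].lower() for h in ("From", "To", "Reply-To"))
    reasons = []
    # Identity model: a known display name arriving from an unknown address.
    known = KNOWN_IDENTITIES.get(name.strip().lower())
    if known and sender not in known:
        reasons.append("display-name impersonation")
    # Relationship graph: no history between this sender and recipient.
    if RELATIONSHIPS.get((sender, recipient), 0) == 0:
        reasons.append("no prior relationship")
    # Replies diverted to a different domain than the visible sender.
    if reply_to and reply_to.rsplit("@", 1)[-1] != sender.rsplit("@", 1)[-1]:
        reasons.append("reply-to domain mismatch")
    # Content analysis: payment or urgency language in the body.
    hits = sorted({h.lower() for h in INTENT.findall(msg.get_payload())})
    if hits:
        reasons.append("payment/urgency language: " + ", ".join(hits))
    return len(reasons), reasons

# Constructed samples: neither contains a URL or an attachment.
SPOOFED = """From: Dana Reyes <dana.reyes@vendor-billing.example>
To: ap@corp.example
Reply-To: dana.reyes@mailbox.example
Subject: Updated remittance

Please send the wire transfer to our new account today. Keep this confidential.
"""
LEGIT = """From: Dana Reyes <dana.reyes@vendor.example>
To: ap@corp.example
Subject: Invoice 1041

The payment schedule is unchanged; see you at the quarterly review.
"""
if __name__ == "__main__":
    print(score_message(SPOOFED), score_message(LEGIT))
```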
As email-based attacks grow more sophisticated, security teams urgently need to shore up their defensive techniques too. Instead of relying on conventional threat indicators, they need to leverage techniques that offer a better comprehension of the communication context.