Abnormal published a detailed blog post discussing a Vendor Email Compromise (VEC) attack with a 36 million dollar impact that was detected by its platform. In textbook fashion, the attacker impersonated a senior leader at a third-party vendor that had a long-term relationship with the target and attempted to gain further legitimacy by cc’ing a peer business in the same sector. The spoofed emails used addresses with a “.cam” (not “.com”) domain, which had been set up less than a week prior to the attack. Furthermore, the fake invoice and wiring instructions contained subtle discrepancies.
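The two domain indicators described above (a sender domain that matches a known vendor except for its TLD, and a registration date only days before the message) can be checked mechanically at the mail gateway. The Python below is an added example, not code from Abnormal or its blog post. The vendor domains, the 30-day threshold, the edit-distance check for near-miss spellings and the registration dates are constructed assumptions; in practice the registration date would come from a WHOIS or RDAP lookup.

```python
from datetime import date

# Constructed allowlist of vendor domains the organization already trades with.
KNOWN_VENDOR_DOMAINS = {"examplevendor.com", "partnerfirm.com"}
NEW_DOMAIN_DAYS = 30  # assumed threshold for "recently registered"

def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address, registered_on, today, known=KNOWN_VENDOR_DOMAINS):
    """Return the reasons a sender domain looks like a vendor lookalike ([] if none)."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in known:
        return []  # exact match with a known vendor domain
    reasons = []
    name, _, tld = domain.rpartition(".")
    for good in sorted(known):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            reasons.append(f"same name as {good} but TLD .{tld} instead of .{good_tld}")
        elif edit_distance(domain, good) <= 2:
            reasons.append(f"within 2 edits of {good}")
    # Domain age only raises the score of a domain that already resembles a vendor.
    if reasons and registered_on is not None:
        age = (today - registered_on).days
        if age < NEW_DOMAIN_DAYS:
            reasons.append(f"domain registered {age} days ago")
    return reasons

if __name__ == "__main__":
    today = date(2024, 1, 15)
    samples = [  # constructed (sender, registration date) pairs
        ("ceo@examplevendor.cam", date(2024, 1, 10)),
        ("billing@examplevendor.com", date(2010, 5, 1)),
        ("ap@partnerfirrn.com", date(2019, 3, 3)),
    ]
    for sender, registered in samples:
        print(sender, "->", check_sender(sender, registered, today) or "ok")
```

A hit is a reason to hold the message for out-of-band verification of the payment details, not proof of fraud on its own.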
The high value is what makes this attack notable; otherwise it uses common VEC tactics. Even with a textbook VEC attack chain, however, attackers continue to have great success with this method. They depend on the trust established with a third party to lower employees’ guard and ensure minor variations are overlooked. With email being one of, if not the, most used platforms in business today, it’s no wonder cyber threat actors favor it as an initial attack vector. Email is also arguably the most effective channel for socially engineering people through various phishing techniques, which is easier than exploiting technical vulnerabilities to compromise a computer. Countering this requires organizations to have established wire-transfer policies in place that reduce the potential for human error. It may also be prudent to educate staff about impersonation-style attacks and to keep reminding them about VEC as part of security awareness training and recurring education. Read more at Abnormal.