How to prevent CEO-fraud with your digital footprint

by Sebastiaan Bosman | Blog | 21 Jul 2020

CEO-fraud is the most common form of cyber-crime to target businesses worldwide. It’s now a 26-billion-dollar scam and continues to grow rapidly, with a 100% increase between 2018 and 2019. Creating awareness among employees is critical, but doesn’t offer full protection. What technical measures should you take to prevent a CEO-fraud attack at your organisation?


What is CEO-fraud?

CEO-fraud is an impersonation attack in which a criminal pretends to be, for example, a high-level executive or a third party. They usually send an email to an employee telling them to transfer a sum of money to a specific account. Added time pressure, a demand for confidentiality and an authoritative “don’t ask questions, just do it” message can persuade the employee to follow the instructions.

Still, criminals will have to technically prepare the attack to increase their chances of success. This gives IT security professionals the opportunity to identify an upcoming attack and take preventive measures before the attack is launched. This blog describes a criminal’s general preparation techniques, and how digital footprint monitoring can minimise the impact.

An organisation’s digital footprint is based solely on observable data. We define the digital footprint as a brand’s presence on the internet, be it in infrastructure, servers, online services, domains and applications, or on social media and app store channels, etc. Mapping the digital footprint allows IT specialists to see beyond the perimeter, make attack infrastructures and shadow IT visible, and identify and mitigate any vulnerabilities in their systems.

Deconstructing CEO-fraud

First, criminals use a variety of publicly available sources (OSINT) to gather information on the organisation and its people. This research focusses on two aspects: the people and the processes. As for the people: what is the hierarchical order, who is responsible for certain projects, what are the connected third parties, who to impersonate, and who to target? This is called social engineering.

As for the processes, what are the usual procedures in place when communicating with colleagues and third parties? How is the email infrastructure designed? Via which channels is money transferred? Criminals will try to convince their target to circumvent these official processes to increase their chances of success.

The collected data is the input for their attack plan and for creating the most convincing message.

Digital footprint solutions:

  • Be aware of the web pages displaying information about the organisation and its people, and who can access these pages.
  • Monitor social accounts to detect information leaks and identify accounts with a suspicious interest in the organisation.

When an employee is deceived into following the instructions, criminals are more likely to repeat the attack with the same victim.

When cyber-criminals have created a picture of the organisation’s people and processes, they basically have two options for the next stages:

a.   Spoof existing email addresses;
b.   Set up a fake domain imitating the brand.

If criminals have discovered a vulnerability in your email settings, they can exploit that to determine the organisation’s email naming convention, i.e. the way email addresses are constructed, such as e.xample@organisation.com. With this information, they can imitate existing email domains to send messages, making it seem as if the message originates from a reliable source within the organisation or from a third party.

Digital footprint and Digital Risk Protection solutions:

  • Finding and repairing vulnerabilities in the organisation’s email security footprint and setting up tools such as DMARC, SPF and DKIM will help keep malicious emails from reaching employees.
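As an added illustration of the email security check above (not Cybersprint's code), the following audits published SPF and DMARC TXT records for settings that leave a domain spoofable. The records are passed in as strings so it runs offline; the function names and the example.com sample records are constructed for this example.

```python
def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a dictionary keyed by tag name."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_spf(record):
    """Findings for the SPF TXT record at the domain apex (None = nothing published)."""
    terms = (record or "").lower().split()
    if terms[:1] != ["v=spf1"]:
        return ["SPF: no record published"]
    catch_all = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not catch_all:
        if any(t.startswith("redirect=") for t in terms):
            return []  # the redirect target carries the policy; audit that record
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    first = catch_all[0]  # mechanisms are evaluated left to right
    qualifier = first[0] if first[0] in "+-~?" else "+"  # a bare 'all' means '+all'
    weak = {"+": "authorises any server to send as this domain",
            "?": "gives unlisted senders a neutral result"}
    return ["SPF: '%sall' %s" % (qualifier, weak[qualifier])] if qualifier in weak else []

def audit_dmarc(record):
    """Findings for the TXT record published at _dmarc.<domain>."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return ["DMARC: no record published"]
    tags = parse_tags(record)
    policy = tags.get("p", "missing").lower()
    pct = tags.get("pct", "100")
    findings = []
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s does not block spoofed mail" % policy)
    elif pct.isdigit() and int(pct) < 100:
        findings.append("DMARC: pct=%s applies the policy to only part of the mail" % pct)
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so spoofing attempts go unreported")
    return findings

def audit(spf, dmarc):
    return audit_spf(spf) + audit_dmarc(dmarc)

# Constructed sample records for the placeholder domain example.com
SAMPLES = {
    "weak": ("v=spf1 include:_spf.example.com ?all", "v=DMARC1; p=none"),
    "hardened": ("v=spf1 include:_spf.example.com -all",
                 "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
}

if __name__ == "__main__":
    print({name: audit(*records) for name, records in SAMPLES.items()})
```

DKIM is not covered here because checking it requires the selector names in use, which cannot be derived from the domain alone.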

If internal email security is more difficult to exploit, criminals can also register a domain name which closely resembles the brand’s domain name or that of a third party, but might differ in just one character. Next, they create a fake website and set up a near-identical email domain. If their victim only glances over the sender’s email domain, he/she is less likely to identify the threat and more likely to fall for the scam.

Digital footprint and Digital Risk Protection solutions:

  • Conduct automated scans to find all brand-related web pages and identify which do not belong to the organisation. It’s vital to scan without a pre-defined scope, or external domains and malicious social accounts might not be found.
  • Find newly registered domains by automatically detecting a brand’s name, logo, and slogan.
  • Continuously monitor the fake websites before they are weaponised. The collected evidence supports a Notice and Takedown procedure.
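The name-matching part of this monitoring can be sketched as follows; this is an added example, not Cybersprint's detection logic. It goes slightly beyond the "one character" case in the text by also catching swapped letters, look-alike glyphs, TLD swaps and names that embed the brand. The feed is constructed, the look-alike map is a small illustrative subset, and IDN labels are assumed to be already decoded to Unicode.

```python
import unicodedata

CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}  # illustrative subset

def skeleton(label):
    """Reduce a label to a rough visual form: no accents, hyphens or look-alikes."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text.replace("-", "")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Return why candidate resembles brand_domain, or None if it does not."""
    candidate, brand_domain = candidate.lower(), brand_domain.lower()
    if candidate == brand_domain:
        return None  # the organisation's own domain
    label, brand = candidate.split(".")[0], brand_domain.split(".")[0]
    if label == brand:
        return "same name, different TLD"
    if skeleton(label) == skeleton(brand):
        return "visually confusable"
    if edit_distance(label, brand) <= 1:
        return "one edit away"
    return "contains brand name" if brand in label else None

# Constructed feed of newly registered domains; organisation.com is the page's placeholder
FEED = ["organisatlon.com", "0rganisation.com", "organisaiton.com", "organisation.net",
        "organisation-payments.com", "gardening-tips.com", "organisation.com"]

def scan(feed, brand_domain):
    return {d: r for d in feed if (r := classify(d, brand_domain))}

if __name__ == "__main__":
    print(scan(FEED, "organisation.com"))
```

Matches from a scan like this are candidates for the continuous monitoring and Notice and Takedown evidence collection described above, not proof of malicious intent.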

Zero-scope digital footprint monitoring

Having an impenetrable firewall is not enough to keep criminals from their intended goal. However, their chances of success can be significantly reduced by incorporating zero-scope digital footprint monitoring into your existing security processes. Identifying your organisational exposure and vulnerabilities in IT systems, as well as unveiling the preparation stages of incoming attacks over multiple channels, will limit the risk and impact of a CEO-fraud attempt.

Mitre PRE-ATT&CK: What is it and how to use it

One of the best ways to improve your digital security is to let the past help prepare you for the future. Knowing the tactics threat actors have used in other cyber-attacks will help you determine what you should protect your systems from. Luckily, you needn’t figure that out by yourself. Mitre has created frameworks of the many different ways cyber-attacks have been orchestrated in existing use cases. Here’s how you can use this information to strengthen your cyber-resilience.

What is the Mitre PRE-ATTACK framework?

Mitre is an American organisation conducting federally funded research into various markets with the aim to create a safer world through their research. Cybersecurity is one of those markets. To help organisations understand where they might need to focus more security resources, they created two matrices of all techniques cyber-criminals have used to set up and execute attacks in the past. These are called the ATT&CK and the PRE-ATT&CK frameworks.

Even though the ATT&CK framework is most well-known, we see a shift occurring, as PRE-ATT&CK is starting to step out of the shadow of ATT&CK with a more specific focus. Whereas the ATT&CK framework concentrates on the steps taken once an attack is launched, the PRE-ATT&CK framework focusses on the preceding preparation phases, allowing organisations to predict and prepare for attacks before they happen.

Mitre’s frameworks match with other models, helping to frame the extensive matrices. To illustrate how PRE-ATT&CK differs from ATT&CK, we’ve plotted the frameworks in the ‘7 stages of the cyber kill chain’, as created by Lockheed Martin. All steps needed to execute a cyber-attack can be divided over these seven stages. As shown below, the first two stages are broadly covered by Mitre’s PRE-ATT&CK, and the other five by the ATT&CK framework.

How to apply PRE-ATT&CK

Preventing an attack is far more cost-effective than having to repair damages to IT systems, let alone the financial or reputational impact it can have. It is hard and expensive to determine the impact of an attack with IT forensics, and replacing infected systems can have a negative effect on overall business productivity. Incorporating an automated outside-in perspective of your brand’s online exposure allows you to discover vulnerabilities in the same way an attacker might look for entry points into your IT infrastructure. This approach empowers you to regain control over your digital attack surface and mitigate risks before they can be exploited. This approach is called digital footprint management and can be placed under the concept of Digital Risk Protection.

Below is an overview of Mitre’s PRE-ATT&CK framework. The complete matrix is a little too large to be read in detail, so a deep dive into the content is available via this video. The highlighted fields represent the areas covered by Digital Risk Protection and digital footprint monitoring. The light green indicates partial coverage and deep green full coverage.

Combining the PRE-ATT&CK framework with your existing security procedures can help you identify potential threats and weak spots in your systems. Still, you first need to have a complete overview of your organisation’s digital assets before you can confidently say where you are more likely to be hit. That’s why the digital footprint approach works so well with PRE-ATT&CK. Having both will help you determine and validate where you might have underspent or overspent on security measures, for example. Besides improving the cyber-resilience of your systems, incorporating the Mitre PRE-ATT&CK framework in the organisation’s digital footprint will bring more business value to the organisation as a whole. This whitepaper explains the PRE-ATT&CK framework in more detail, and describes the specific ROI for your organisation.

Looking for a comprehensive clarification of the security tactics described above, explained with actual use cases? Watch our recorded webinar.

Sebastiaan Bosman is Content Marketeer at Cybersprint. With a background in Communications and Linguistics, he is responsible for the creation and editing processes of most internal and external communication. He writes content such as blogs, whitepapers and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.

From practice to preventing: How criminals adapt their attack methods

Similar to traditional ‘brick-and-mortar criminals’, not all cyber-criminals employ the same method to reach their goal. A burglar wouldn’t enter a house with an alarm or when there are people inside, but go for an easier opportunity. The same goes for internet-thieves. Their risk/reward balance depends on the required investment beforehand to successfully carry out their attack. What are the aspects they take into consideration?
