Airzero Sec

We Do Not Give Up ! Trust US !

  • Compromise in Business Email

We've all heard that malicious actors are actively using e-mail scams to defraud government agencies, small and large businesses, and their victims. Most corporate financial transactions are now digital, which has resulted in an increase in financial crime, primarily due to cyber fraud.

The term "Business Email Compromise" refers to a variety of malicious activities, but all types of BEC have one thing in common: they require access to or impersonation of a business email account.

What Exactly Is BEC?

Business Email Compromise (BEC) is a type of targeted scam in which an attacker impersonates a corporate executive or high-level employee in order to rob the company or its partners or obtain sensitive data. The goal of a BEC scam is to persuade the target to give the attacker money or sensitive information while they believe they are conducting a legitimate business transaction.

Attackers accomplish this by using various deception techniques to persuade users to hand over money or personal information.

How Does a BEC Scam Operate?

BEC fraud, like other social engineering schemes, relies on the human element to be successful.

In this case, what is exploited is the fundamental human desire to be a social creature.

Because of their natural desire to help and prove their worth, people are more likely to be victims of BEC assaults. The need to respond quickly to a request from your boss takes precedence over the need to double-check whether the request is correct in the first place.

Most BEC attacks consist of three primary steps:

  • Research

BEC scams, also known as "man-in-the-email" attacks, start with extensive research, with the attacker scouring publicly available information about the organization, such as websites, press releases, and social media posts.

  • Planning

After spending time researching his targets, the attacker will devise a few scam scenarios that may be successful.

The attacker will either try to gain access to or spoof the email accounts of the company's most powerful people. Changing just one digit or one letter in the domain name is enough to create an email address with a spoofed domain that can fool a victim.

  • Attack

Depending on how thorough the attacker is, the BEC attack can occur in a single email or across an entire thread. To gain the victim's trust, this communication typically employs persuasion, urgency, and authority. The attacker will then instruct the victim to send money or provide sensitive information.
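The following triage check is an added example, not code from Airzero Sec. It flags the two signals described in the steps above: a sender domain that differs from a trusted domain by one character, and wording that combines pressure with a payment request. The trusted domains, keyword lists, and sample message are constructed assumptions.

```python
# Assumed allow-list: the organization's own domain and a known supplier's.
TRUSTED_DOMAINS = {"example.com", "supplier-example.net"}
# Assumed keyword lists; plain substring matching, tune for your own mail flow.
PRESSURE_WORDS = ("urgent", "immediately", "today", "confidential", "asap")
PAYMENT_WORDS = ("wire", "transfer", "invoice", "bank account", "payment")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_dist: int = 1):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None  # exact match is the real domain, not a look-alike
    for good in sorted(trusted):
        if edit_distance(domain, good) <= max_dist:
            return good
    return None

def triage(sender: str, subject: str, body: str) -> list:
    """Return the BEC warning signs found in one message."""
    findings = []
    domain = sender.rsplit("@", 1)[-1].strip("> ")
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"lookalike-domain:{domain}~{imitated}")
    text = f"{subject} {body}".lower()
    if any(w in text for w in PRESSURE_WORDS):
        findings.append("pressure-language")
    if any(w in text for w in PAYMENT_WORDS):
        findings.append("payment-request")
    return findings

if __name__ == "__main__":
    # Constructed sample: digit "1" substituted for the letter "l".
    print(triage("CEO <ceo@examp1e.com>", "Urgent wire transfer",
                 "Send it today and keep this confidential."))
```

A message that raises all three findings is a candidate for out-of-band verification before any payment is made.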

Types of BEC Attacks

  • The Fake Invoice Scam

This type of scam frequently targets businesses that work with international suppliers. The attackers pose as suppliers, seeking money transfers to a fraudulent account.

  • CEO Fraud

After gathering the necessary information, the attackers will impersonate the company's CEO or another high-ranking official and send an email to finance personnel requesting money transfers to a bank account controlled by them.

  • An Email Account Compromise (EAC)

A senior executive's or employee's email account is compromised and used to solicit invoice payments from suppliers listed in their email contacts. The funds are then transferred to bogus bank accounts.

Prevent Business Email Compromise

  • Educate your employees

Access to adequate cyber-security training for employees is a critical step that a company must take to protect itself from BEC. Employees should be made aware of the risks and consequences of these attacks, as well as how to spot a scam and respond appropriately in the event of one.

BEC attacks are successful not because they are technologically advanced, but because they take advantage of human weaknesses such as a reaction to authority, scheduling, or even exhaustion.

Clear communication of responsibilities and objectives, as well as adequate guidance in the use of IT and accounting controls, can help to mitigate these risks. Cyber-security threats come in all shapes and sizes, so it's critical to detect, report, and respond to them correctly. Even though it may appear obvious, human error is to blame for 95 percent of successful cyber-attacks. Managers should keep in mind that hackers do not simply break into IT departments by brute force; they look for flaws. As a result, cyber-security skills and expertise are required for every position in the company.

Making cyber security a shared responsibility is critical, so include management and IT in your education programme, hold monthly cyber security sessions, and, of course, set specific rules for email, internet surfing, social media, and mobile devices. While there is no foolproof method for protecting your company, educating your employees on security risks and best practices for online behaviour and privacy will significantly reduce the risk of a BEC scam.

  • Encourage employees to object to any suspicious requests.

Because employees have a tendency to rush through an activity or a response, teaching them to double-check before completing a task may reduce the risk of a cyber-attack. Consider an email from a company's senior executive in which a large sum of money is urgently demanded. Employees must understand that delaying payment is preferable to being scammed, and they must make every effort to ensure that the request they received is legitimate.

BEC attacks, unfortunately, are here to stay due to their surface-level nature. To stay ahead of the growing threat of Business Email Compromise, organizations and employees must alter their mindsets, practices, and security solutions. If you have any doubts concerning the above issue, please do not hesitate to get in touch with us. Your security partner will be Airzero Sec.

Email:[email protected]


Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/

A group of researchers from French, Israeli, and Australian universities investigated the possibility of creating unique fingerprints from people's GPUs and using them for persistent web tracking.

The findings of their large-scale experiment, which involved 2,550 devices with 1,605 different CPU configurations, show that their technique, dubbed 'DrawnApart,' can increase the median tracking duration by 67 percent when compared to current state-of-the-art methods.

This is a serious issue for user privacy, which is currently protected by laws focusing on obtaining consent to activate website cookies.

Because of these laws, unscrupulous websites have begun to collect additional potential fingerprinting elements such as hardware configuration, operating system, timezones, screen resolution, language, fonts, and so on.

This unethical approach is still limited because these elements change frequently, and even when they are stable, they can only assign users to broad categories rather than creating a unique fingerprint.

Fingerprinting Identical GPUs

With the help of WebGL (Web Graphics Library), the researchers considered the possibility of creating unique fingerprints based on the GPU (graphics processing unit) of the tracked systems.

WebGL is a cross-platform API for rendering 3D graphics in browsers, and it is supported by all modern browsers. The DrawnApart tracking system can use this library to count the number and speed of execution units in the GPU, measure the time required to complete vertex renders, handle stall functions, and more.

To overcome the challenge of having random execution units handle the computations, DrawnApart uses short GLSL programmes executed by the target GPU as part of the vertex shader. As a result, workload distribution is predictable and standardized. The team created an on-screen measurement method that performs a small number of computationally intensive operations, as well as an off-screen measurement method that puts the GPU through a longer and less intensive test. This process generates traces made up of 176 measurements taken from 16 points, which are then used to create a fingerprint. Even when evaluating the individual raw traces visually, differences and distinct timing variations between devices can be observed.

The researchers also experimented with swapping out other hardware components on the machines to see if the traces could still be distinguished, and discovered that the fingerprints were solely dependent on the GPU.

Even if a set of integrated circuits is manufactured in the same way and has the same nominal computational power, the same number of processing units, and the exact same cores and architecture, each circuit is slightly different due to normal manufacturing variability.

In normal day-to-day operations, these distinctions are indistinguishable, but they can be useful in the context of a sophisticated tracking system like DrawnApart, which is specifically designed to trigger functional aspects that highlight them.

Implications and considerations

When DrawnApart is combined with cutting-edge tracking algorithms, the median tracking duration of a targeted user increases by 67%.

As shown in the diagram below, the standalone tracking algorithm can achieve an average tracking time of 17.5 days, but with GPU fingerprinting, this can be extended to 28 days.

Based on the testing conditions, the GPU operational temperature range is between 26.4 °C and 37 °C, with no voltage variations. Workload variations, GPU payloads from other web browser tabs, system restarts, and other runtime changes have no effect on DrawnApart.

The next-generation GPU APIs that are currently in development, most notably WebGPU, include compute shaders in addition to the existing graphics pipeline. As a result, the upcoming API may introduce even more ways to fingerprint internet users, as well as much faster and more accurate methods. When the researchers tested compute shaders in the now-defunct WebGL 2.0, they discovered that DrawnApart achieved 98 percent classification accuracy in only 150 milliseconds, much faster than the 8 seconds required to collect fingerprinting data via the WebGL API.

"We believe that once the WebGPU API is widely available, a similar method can be developed. Before enabling accelerated compute APIs globally, the effects on user privacy should be considered," the research paper concludes.

Attribute value changes, parallel execution prevention, script blocking, API blocking, and time measurement prevention are all potential countermeasures to this fingerprinting method.

Khronos Group, the developer of the WebGL API, has received the researchers' disclosure and formed a technical study group to discuss potential solutions with browser vendors and other stakeholders. If you have any doubts about the aforementioned issue, please do not hesitate to get in touch with us. Your digital partner will be Airzero Sec.
