With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is.
In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations. Instead of fighting an amorphous enemy, CISOs will know with remarkable granularity which specific employees are being targeted regularly, the exact types of phishing schemes their employees fall for most often, where the attackers are located, and more.
It's exactly the kind of intel that can be used to help block phishing attacks and domain spoofing more effectively than ever before, while forging new phishing response efficiencies. And it couldn't come at a better time.
The COVID-19 BEC Outbreak
In a recent survey from JPMorgan, 75% of US companies reported suffering direct financial damage from email schemes in 2019. And according to the FBI, that translated into more than $8.6 billion in business losses last year.
But with the emergence of the SARS-COV-2 outbreak and subsequent work-from-home mandates, BEC actors began ramping up their attacks using sophisticated new techniques.
The team in our Agari Cyber Intelligence Division (ACID), for instance, was the first to identify the use of COVID-19 as a pretext in BEC scams. In that case, a crime group our researchers have dubbed Ancient Tortoise posed as a supplier to target companies with requests for a change in payment details on outstanding invoices due to the outbreak.
Scams that involve hacking one company to target its own employees or those of its customers and supply chain partners in BEC heists have only proliferated since. And it's no wonder: While a traditional BEC scam may net cybercriminals an average of $60,000, those that involve supply chain imposters average $125,000.
With this latest release, Agari builds further on our industry-leading success in stopping such attacks from ever even reaching their intended targets.
Organization-Specific Intel Means Better Block-and-Tackle
As part of Agari Active Defense, the new BEC threat intelligence service included in our Summer '20 Release delivers real-world cyber intelligence data harvested by the ACID team from direct, active engagements with email fraudsters attacking and scamming an organization.
It's an industry first, from the world's only counterintelligence research team dedicated to BEC scams and spear-phishing investigations. And if that weren't enough, the Summer '20 release also comes with other powerful new features.
Agari Phishing Response, for example, now comes with a Reply-to-Reporter feature that provides a 360-degree feedback loop on malicious emails reported by employees. Now, employees receive confirmation after spotting and submitting a suspected phishing attack to the Security Operations Center (SOC). Once the threat is analyzed, employees are notified of the result—positive or otherwise.
This helps enhance phishing simulation training by further refining employees' ability to identify true attacks, while lowering false positive rates that can overwhelm SOC analysts.
Plus, we've added an additional layer of URL scanning to more quickly and accurately identify high-risk URLs in employee-reported phish emails—reducing the time needed to investigate and eradicate malicious emails from employee inboxes.
Protecting the Brand and Building Community
As part of our Summer '20 release, Agari Brand Protection gets a Domain API that allows SIEM and SOAR applications to import domain and DMARC data, as well as automate monitoring and alerting on anomalies in sending behavior from an organization's email domains.
And the new Agari Community Forum offers customers a single location to check Agari system status, get answers to product questions, share ideas, and collaborate with peers. Customers get full access, and the chance to hear from different voices that face similar email security challenges, communicate with Agari subject matter experts, and participate in active conversations about keeping the enterprise safe from advanced email threats of every kind.
Avoiding Email's Summer of Discontent
For all of these valuable new features, it's probably the BEC intelligence service that has me most excited—especially as reports of brazen BEC scams keep coming.
Last month, the Norwegian Wealth Fund announced it lost $10 million to BEC actors after they infiltrated the organization's networks and stole information that enabled them to impersonate a credible borrowing organization and divert funds to their own accounts.
And just the last few weeks, news hit that the North Korean state-sponsored hackers known as Lazarus Group have started pilfering data from one company in order to launch BEC scams targeting others within the same supply chain.
Forgive me for the expression, but if that's a sign of how the BEC contagion is metastasizing, Agari and our Summer '20 release are here with one very powerful cure.
To learn more about the Summer '20 Release: Check out the Agari Active Defense Self-Service Experience.
Agari customers are also invited to join our new Customer Community Forum.
