This morning, the US Department of Justice announced that 74 arrests were made during operation “Wire Wire.” The multi-national law enforcement agency effort collared criminals running Business Email Compromise (BEC) scams. BEC is aimed at businesses’ most trusted insiders, which are those that have the ability to approve payments and transfer funds. Law enforcement agencies estimate that criminals involved may have scammed hundreds of individuals and businesses out of as much as $21 million. According to the FBI’s Internet Crime Complaint Center (IC3), BEC and Email Account Compromise (EAC) have driven $3.7 billion in losses overall. Read the full release at: 74 Arrested in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes.
Among the outlets publishing news about the arrests was SC Magazine. In “Law enforcement operation scoops up 74 BEC scammers,” Doug Olenick wrote:
Like most BEC scams the cybercriminals targeted small to medium sized business using socially-engineered emails to convince an employee to transfer money or valuable corporate data to the criminal operation.
Doug also quoted Dtex CEO Christy Wyatt:
The operation is also a reminder that most major cybercrimes involve employee error and under-utilization of technology and education resources that can be used to defend our most trusted insiders.
Organizations interested in how to defend their employees and executives against falling victim to such attacks can access a wide range of resources available to help. The FBI published a public service announcement today that outlined steps to take, which includes advice to frequently monitor systems and to provide security training. The Dtex 2018 Insider Threat Intelligence Report provides a list of effective technologies that organizations use to reduce the risk of attacks that take advantage of humans. Cofense, formerly PhishMe, provides advice on 10 Ways to Defend Against Business Email Compromise / CEO Email Fraud Scams.
More Dtex In the News
Computer Weekly reporter Christian Annesley published an article about the Williams Group Formula One racing operation, Williams Grand Prix Engineering. In the story Annesley gives a rare look at how organizations stack security providers. Among the vendors Williams F1 group CIO Graeme Hackland mentions are Thales, Symantec, Cisco and Dtex Systems. Said Hackland:
When it comes to security, the job is never done. Our endpoint security and our cloud security is demonstrably robust now, through our partnerships since 2014 with the likes of Thales, Symantec, Cisco and Dtex Systems, but we want to move faster in the next 12 months while maintaining resilience in a world where absolute security is not realistic.
For a deeper read, visit: BYOD for mobile ‘a year away’ for Williams F1
Every week, the California State Attorney General hosts copies of the official breach notification letters that California businesses are required to publish as part of the disclosure process. Three out of the seven breaches reported last week were the result of internal human error. Server configuration mistakes, incorrect email attachments, and wrong email addresses were the reasons behind the breaches. For a look at the notification letters in detail, visit: State of California Department of Justice.