Esentire, a cybersecurity firm, released its ‘Annual Threat Intelligence Report 2019 Perspectives and 2020 Predictions’. The report provides data and analysis about how to detect and prevent account takeover attacks.
Account takeovers, also known as Business Email Compromise (BEC) or ‘phishing’, is quickly emerging as one of the most important eCommerce fraud trends. These attacks compromise an organization’s systems via a variety of data and credential stealing methods. Once a hacker gains access, they can steal personal information, or even trick employees into transferring money directly into their bank accounts.
“Phishing continues to be an effective, low-effort means of acquiring credentials that can be sold or put to use to gain initial system access,” the report says. “In 2019, phishing victims showed particular vulnerability to lures relating to email services, Microsoft Office 365 and financial services.”
In its executive summary, the report states its main value is providing data to decision makers. It also states it gives a comprehensive overview of the entire fraud ecosystem.
“This report provides information to assist an organization’s risk-management decisions,” the report executive summary states. “By shining a light on cybercrime—including the players, their motivations, their tactics and their targets—we hope to bring data and insights to conversations often dominated by opinion and guesswork”.
In addition to discussing previously observed trends, the report also makes predictions about what threats will be prevalent in 2020. Topics discussed include increased efficiency of cyber criminals, the use of the cloud as an access point to conduct phishing attacks, and tactical use of deception technology and canary accounts by organizations looking to bait fraudsters into revealing themselves by attacking dummy admin accounts.
In addition to threat-specific recommendations, the report also provides companies with a list of general cyber security guidelines they can follow to increase their level of protection in the new year including strategy development best practices, technology recommendations, and constructing a multi-layered defense strategy.