In the digital age, businesses heavily rely on email communications. However, a concerning trend has emerged: the rise of Cybercrime-as-a-Service targeting business emails. According to Microsoft, this threat has surged by 38% globally between 2019 and 2022. Safeguarding sensitive information and preserving business operations has become paramount in the face of this alarming development.
Sygnia, a leading cyber technology and services company that provides high-end consulting and incident response support for organisations worldwide, was recently called upon to investigate a Business Email Compromise (BEC) attack against one of its clients. BEC attacks are a rapidly growing online crime with financial implications across various industries, including in Singapore and the APAC market. In this report, Sygnia shares effective techniques to detect major BEC campaigns, assisting security professionals in analysing suspicious indicators and enhancing threat monitoring and detection. By leveraging advanced Cyber Threat Intelligence (CTI) enrichment techniques, Sygnia identified that this BEC attack was part of a more extensive campaign impacting multiple global organisations.
The threat actor gained initial access and executed an 'adversary-in-the-middle' attack to bypass Office 365 authentication, gain persistence on the network, and exfiltrate data. However, Sygnia discovered that this was not the attacker's ultimate goal. Instead, the compromised accounts were being used as a beachhead to launch further phishing attacks as part of a global phishing campaign targeting dozens of organisations.
As the cyber threat landscape continues to evolve, businesses must remain vigilant and equipped with the necessary knowledge to detect and combat such malicious activities. By sharing their findings, Sygnia aims to empower organisations with the tools they need to strengthen their defences, proactively detect threats, and mitigate the risks associated with these pervasive cyber threats.