darius.wood@beazley.com
ahart@crai.com
bradke@polsinelli.com
Business Email Compromises (BEC)
• Trends
• Protection
• Legal Implications

Ransomware Attacks
• Trends
• Recovery
• Protection
• Legal Implications
• Email Spoofing and Impersonation
• Unauthorized Inbox Rules / Forwarding
• Phishing / Spam Emails
• Malware
• Malicious Macros / PDFs
• Contact Harvesting
• PCI
• PHI
• PII
• Other Compromised Platforms
• Passwords Stored in Email
• VPN
• Exposed Credentials
• Theft of Intellectual Property
• Wire / Bank Fraud
• Direct Deposit / Payroll Fraud
• Tax Return Fraud
• Compromise Credentials and Access Account
• Search Account (Searches for “invoice”, “wire”, “payment”, “direct deposit”, etc.)
• Search for Admin Privileges to Exploit
• Add Rules/Forwarding
• Impersonate Users / Redirect Wire Transfers
• Send Phishing Messages to Internal/External Contacts
• Phishing Emails / Phishing Links
• Compromised Websites
• Attachments with Malicious Macros
• Compromised MSP Tools
• RDP Compromises
• Cloud Providers Targeted
• Ryuk: frequently tied to Trickbot
• Sodinokibi: frequently used in MSP attacks
• Purchase Decryption Tool & Rebuild
• Recover from Backups
• Rebuild Without Data
Recommend