The GreatHorn Threat Intelligence Team, alongside hundreds of responses from IT security professionals, report 58% of organizations have experienced an attempted Supply Chain Attack in the past year. One of the largest attack techniques used in Supply Chain Attacks is a form of man-in-the-middle (MitM) attack, whereby an attacker compromises login credentials to leverage legitimate email communications between parties to carry out their Supply Chain Attack. Known as Vendor Email Compromise (VEC), once attackers have access to log into a user’s email they can pose as that user and leverage those trusted relationships in the user’s supply chain to go as far as taking advantage of existing email threads, or data.
Given the quantity of workers remaining in a remote capacity, and the increase in phishing attacks that lead to malicious sites that compromise credentials, an organization’s supply chain has become a significant target for cybercriminals. With 3.7% of all emails containing potentially malicious links that bypass native email security controls, and 41% of organizations stating that users click on malicious links daily, identifying links that attempt to harvest credentials is the first step for organizations in securing and protecting their users from account takeovers.
So how do organizations detect MitM attacks?
It’s important for organizations to know the adversary tactics and techniques being used in order to develop mitigation strategies – and in the event that the attacker succeeds, how to detect and remediate attacks. There are 2 steps to mitigate the risk associated with Vendor Email Compromise in these MitM cyberattacks.
Step 1: Credential Theft Detection
To be able to perform a VEC attack, the attacker typically first begins with a phishing, or more targeting spear-phishing attack. Organizations should be able to systematically identify those emails that contain links to credential harvesting sites. An email security platform should leverage advanced computer vision to analyze suspicious links and prevent employees from accessing password stealing accounts. This functionality mitigates against credential harvesting attacks that can lead to account takeovers and internal spear phishing.
Step 2: Identity Verification
In the event credentials have been compromised and the account is taken over, another line of defense to mitigate the risk of further attacks is to use biometric authentication to verify a user’s identity. An email security platform should be able to recognize a user’s unique typing patterns such as keystroke speed, pressure, timing and more. The result is 100% detection of compromised accounts via email.
Attackers will continue to launch continuous attacks against supply chain partners, gaining access to supplier systems, including email. Identifying spoofed vendors/individuals that can send malicious links and compromised partner accounts calls for advanced email security techniques. By augmenting or replacing traditional email security approaches with more sophisticated capabilities, organizations can detect and mitigate the risk of supply chain attacks.
Want to know how at risk your organization is for Supply Chain Attacks and Vendor Email Compromise?
Try GreatHorn Risk-Free for 30 Days!