October the 23rd saw the inaugural Isle of Man Government Cyber Security Conference – ‘CyberIsle 2019‘, where our CEO David Stubley was invited to speak on the subject of Business Email Compromise (BEC).
The talk covered the motivations for malicious actors looking to conduct such attacks, the anatomy of a successful attack and then three case studies based upon real life incidents that the team here at 7 Elements have managed for our clients.
The talk finished with mitigation advice that can be deployed by any organisation to reduce the risk of a successful compromise. The following document provides an overview of BEC and the core content from the presentation:
The talk also looked at how malicious actors can gain credentials via attacks against externally facing infrastructure, such as Virtual Private Network (VPN) devices. More information on this can be found here: http://www.7elements.co.uk/resources/research/exploit-script-cve-2018-13379/
If you would like to discuss how to gain assurance over cloud based email solutions such as Office 365 then please get in touch with the team.