For some time now, organisations have been subject to attacks by email and by text message. Generally known as ‘phishing’ attacks, these have been received at random by individuals and carry various lures to encourage them to click on a link. Clicking the link may launch malicious software (malware) that deletes or encrypts data, or may take the user to a website that attempts to obtain sensitive personal or corporate information. Encryption of data may be accompanied by a demand for payment (ransomware), or the organisation may be further compromised.

This malware may also install small applications that remain hidden until the attacker wants to cause further damage. These ‘Advanced Persistent Threats’ can be sold on the cyber black market or used, usually by nation-state attackers, to compromise a country’s critical infrastructure, of which the University of New England (UNE) is a part.

Recently, these attacks have become more focused, concentrating on internal users in executive roles or with higher levels of authority. Known as ‘spearphishing’ or Business Email Compromise, these targeted emails attempt to obtain sensitive information from these users, or to get them to carry out instructions that would compromise the business.

What is “Business Email Compromise (BEC)”? 

BEC is when a malicious actor sends emails from a senior member of staff’s account (such as a Director, CEO, COO etc.). These emails often ask for money to be transferred, contain fake invoices, or are used to pass on further malicious software and attachments to unsuspecting recipients. Since COVID-19 reared its head, there has been more than a 600% increase in cyber-attacks, the majority of them a mixture of phishing and BEC-style attacks. This trend is continuing, with some statistics showing that cyber-attacks for Q3 2021 have already surpassed the Q1 and Q2 numbers for 2021 combined.

Most victims of these attacks keep them secret and often do not publicise any details of the attack. Victims include the financial sector, agriculture, higher education and government targets throughout the world. Some may consider it bad publicity to advertise that they were victims of fraud. However, they also need to consider the longer-term impact if it became known that they lost sensitive information about stakeholders, especially if it is Personally Identifiable Information.

How can this affect UNE?

UNE, like any other organisation, is vulnerable to this type of attack. Whilst technology is evolving to address this threat, it is not yet at a stage where the threat can be considered eliminated. We are still very reliant on you, the end user, to be vigilant. This is the ‘Human Firewall’ part of UNE’s cyber security infrastructure.

Case study: Compromised email account leads to loss of more than $100,000 

In 2020, the accounts department of an early learning centre received six invoices from their Managing Director on a Saturday, with a request that these be paid as soon as possible. The accounts department paid three of the invoices over the weekend, totalling more than $100,000 (AUD).

The following week, the accounts department received another large invoice from the Managing Director. As this email was sent during office hours, the accounts department approached the Managing Director, who was unaware of the invoices. Subsequent internal investigations revealed that the Managing Director’s email account had been compromised by a cybercriminal, who had been using this account to send out fraudulent invoices. 

This can be a costly mistake to make; it is always worth checking with the sender of the email before paying large amounts of money.

Another consideration: what if this happens to one of UNE’s suppliers? If a supplier has been compromised, they may start sending invoices that seem unusually urgent, that depart from their normal business practices, or that are for amounts or work you do not recognise.

You should always be clear on how suppliers or third parties normally operate and handle their invoicing, as well as being suspicious of unusually urgent emails which request payment to be approved (even if the sender appears to be someone you know).  

What do you need to do? 

As the end user, you are the last line of defence we have against such attacks. These emails are evolving and at first sight appear genuine. The details may all appear correct, but as the recipient the question you must ask yourself is ‘Is this request normal?’ If something seems unusual, it is worth the 2 minutes it takes to check, and not by replying to the email. Make a phone call or send a text to confirm the request. It could save hundreds of thousands of dollars.

If you are at all unsure or suspicious, contact your supervisor or the UNE service desk on ext 5000.
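As an added illustration, not part of the original article, the Python below turns the ‘Is this request normal?’ question into a simple triage check: it looks for the warning signs the article describes (a request to pay, arrival outside business hours, urgent language, a large amount) and says whether a message should be held for confirmation by phone or text. The message fields, business hours and the $10,000 threshold are assumptions, and the two sample messages are constructed, modelled on the case study.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# Wording that signals pressure, a request to move money, and dollar amounts.
URGENCY = re.compile(r"\b(as soon as possible|asap|urgent|immediately|today)\b", re.I)
PAYMENT = re.compile(r"\b(invoice|pay(?:ment)?|transfer|remit|bank details)\b", re.I)
AMOUNT = re.compile(r"\$\s?([\d,]+(?:\.\d{2})?)")


@dataclass
class Message:
    sender: str          # who the message appears to be from (assumed field)
    received: datetime   # local time the message arrived (assumed field)
    subject: str
    body: str


def indicators(msg: Message, hours=(8, 18), large=10_000.0) -> List[str]:
    """Return the warning signs present in a message; empty if it asks for no payment.

    None of these proves fraud; together they mean 'confirm out of band first'.
    """
    flags = []
    if not PAYMENT.search(msg.subject + " " + msg.body):
        return flags                      # nothing to pay, nothing to verify
    flags.append("payment request")
    if msg.received.weekday() >= 5 or not hours[0] <= msg.received.hour < hours[1]:
        flags.append("received outside business hours")
    if URGENCY.search(msg.body):
        flags.append("urgent language")
    total = sum(float(a.replace(",", "")) for a in AMOUNT.findall(msg.body))
    if total >= large:
        flags.append(f"large amount (${total:,.2f})")
    return flags


def decision(msg: Message) -> str:
    """'hold' = confirm with the sender by phone or text before paying; 'ok' otherwise.

    A payment request on its own is normal business; any extra warning sign is not.
    """
    return "hold" if len(indicators(msg)) >= 2 else "ok"


# Constructed samples: the Saturday invoices from the case study, and a routine invoice.
SATURDAY_INVOICES = Message(
    "Managing Director", datetime(2020, 3, 7, 9, 30), "Invoices for payment",
    "Please pay the attached invoices as soon as possible: $42,500.00, $38,900.00 and $21,300.00.")
ROUTINE_INVOICE = Message(
    "Cleaning Co", datetime(2020, 3, 10, 10, 15), "March invoice",
    "Hi, attached is the monthly invoice for $1,250.00 for cleaning services.")
```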