The continued use of threat intelligence to combat nation-state espionage is an important practice for cybersecurity teams. However, outside of common types of fraud seen on the dark web or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. Prevention is the key to protecting your organization from cyber breaches. An effective defense uses all of the tools available to keep a breach from occurring in the first place.
According to Sun-Tzu, a 4th-century Chinese general who authored the earliest known text on war and espionage, Ping-fa (The Art of War) stated:
“A hundred ounces of silver spent for information may save ten thousand spent on war.”
His quote still applies today in the 21st century to defend against cyber threat actors.
If you target APT threats by espionage actors, buying access to known behaviors and TTPs used by APT groups helps build detection models. For instance, the foothold, lateral movement, privilege escalation, and exfiltration techniques are generally repeatable across Windows and Linux corporate and production systems. Security teams build threat alerts and threat hunting models on the TTPs that are likely to target their organizations. There is no universal type of fraud and no “one size fits all” way to fight fraud. It is important to be familiar with multiple types of fraud that could affect your organization to build customized defenses that pertain to loss and brand degradation.
12 Common Types of Fraud in Enterprise:
- Online Shopping Fraud: Involves setting up fake online shopping portals to cheat people of their money.
- Chargeback Fraud: Consumers fraudulently attempt to secure a refund using chargeback processes.
- SIM Swap Scam: Account takeover fraud targeting weaknesses in two-factor authentication where the second factor is a call or text message to a mobile device. This allows interception of one-time passcodes to gain access to victims’ accounts so fraudsters can transfer funds.
- Identity Theft Account Takeover: Personal information is stolen through account takeover by modifying PII, adding authorized users, and changing passwords. It is used to carry out unauthorized transactions. Synthetic identity theft combines real and fake information to create a new identity.
- Phishing and Spoofing: The use of email, online messaging, fake websites, and social engineering to dupe victims into sharing personal data, login credentials, and financial details.
- Ghost Employee Scam: The scams use fraudulent PII to apply for IT, programming, database, and software jobs. These positions have access to sensitive customer or employee data, implying the imposters could steal sensitive information and cash a fraudulent paycheck.
- Credential Stuffing: Credentials are obtained from a data breach on one service and used to attempt to log in to another service. This includes stolen data from users and organizations and resold on the dark web or closed forums.
- Business Email Compromise (BEC): This is a sophisticated attack targeting businesses that frequently make wire payments. It compromises legitimate email accounts through social engineering techniques to submit unauthorized payments.
- Rewards Point Fraud: Fraudsters call credit cardholders claiming to be from their credit card company. They offer to help redeem cardholders’ accumulated points and request card details along with OTP. Then, fraudsters carry out transactions using these details.
- Social Media Fraud: This includes bulk fake account creation, token abuse using OAuth access, and hacked accounts of friends who send links asking for money.
- Credit Card Fraud: Hackers fraudulently acquire people's credit or debit card details to steal money or make purchases. Skimming and bust-out are common types of credit card fraud.
- Tech Support Fake Virus Warning Scams: The consumer receives a warning indicating their computer is infected. The scammer then prompts the user to download an application, takes control of the computer, downloads an actual virus, and tells the consumer they need to fix the problem for a fee.
While solutions exist for prevention, most solutions focus on one or a few types of fraud. Fraud happens at such an unprecedented scale that utilizing law enforcement to disrupt bad actors is a hard value proposition. Organizations and individuals simply need to make themselves a harder target so the fraudsters move on.
There is no silver bullet for fraud detection. However, the following capabilities will allow organizations to detect fraud regardless of the techniques and methods used.
- Gather comprehensive and demonstrated collection coverage against the dark web, closed forums, social media, and open source websites for your organization’s PII. These coverage areas must align with the business's most substantial monetary losses.
- Use Threat actor engagement to understand TTPs and make stronger requirements on the application architecture, processes, and controls. Employing the right linguists is key to identifying critical slang terminology.
- Test the tools fraudsters create to exploit enterprise platforms and employees.
- Employ threat intelligence analysts who can use obfuscated payments to buy on closed forums on an organization’s or individual’s behalf.
- Conduct discreet investigations with general counsel, human resources, IT, and engineering.
Organizations need to be able to go outside the firewall to gather as much threat actor information as possible to build robust internal defenses against fraud. Further, security and fraud teams need to align with other business stakeholders to determine additional disruption outcomes that culminate with assigning dollar value loss to these outcomes.
What is important is that you are using targeted cyber threat intelligence. This means that you are being delivered the intelligence that is important to your entity, not all of the cyber threat intelligence in the world. Delivered is the key; why drive a dashboard seeking what is important to you? Work with a company like Red Sky Alliance/Wapack Labs that can provide this daily or on-demand basis.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings