Brand protection and BEC attacks of 2021

The year started like 2020 did not end. Living in lockdown has proven to be fairly difficult for all of us and the cybercriminals are out there making it even worse. They are busy taking advantage of organizations trying to configure their journey to digital transformation, cloud adoption and remote working.

By combining the fast adoption of SaaS applications and the potential misconfiguration errors that inevitably arise, together with unknown vulnerabilities from third-party suppliers, we have a recipe for disaster for the good guys.

Recent cyberattacks

Let’s start by taking a look at the recently reported spoof attack against that reached over 200 million users. The Business Email Compromise (BEC) phish lured users to check for quarantined emails from a link within the email. Since the email came from a legitimate Microsoft domain, users assumed it was a legitimate message. The cybercriminals were then able to steal their O365 credentials when they accessed and inserted their credentials in a mirror page of the application. 

Attacks like this are not unique. If we look back 12 months earlier, Check Point Software reported that the Florentine Banker Attack started from an impersonation, this time from a look-alike domain to Microsoft. The adversaries were able to compromise O365 credentials and launch a man in the middle attack against two Financial Services organizations in the United Kingdom, eventually financially defrauding them of £1 million. 

Those attacks are becoming more prevalent, and I believe we will be seeing a lot more coming along. Verizon disclosed in its 2020 Data Breach Investigations Report that the top 3 sources of breaches were Phishing, Use of Stolen Credentials, and Misconfiguration. This is showing us a pattern of leveraging social engineering through advanced Business Email Compromise to steal credentials to cloud applications where businesses store or exchange sensitive information and data. 

In 2021, organizations must prioritize the protection of their domains against direct impersonation attacks and identifying then removing look-alike domains.

DMARC can combat spoofing

DMARC (Domain-based Message Authentication, Reporting & Conformance) uses two previously defined protocols, SPF and DKIM, to allow domain owners to explicitly tell the receiving email server what to do with an email that fails authentication. The enforcement of DMARC should be done both in the DNS and email gateway. When configuring a gateway with DMARC, you will be instructing your gateway to honour the policy of the sender’s domain, meaning it will ensure you are protecting your users against inbound impersonations of other domains. However, by enforcing DMARC on your DNS you will also be protecting your domains against direct spoofing attacks, thereby protecting your clients, business partners, internal users and wider supply chain. 

Check email DMARC setup

Gartner recently identified DMARC as a “Top 10 Security Projects for 2020-2021”. They determined that “organizations use email as the single source of verification, and users struggle to determine real messages from fakes.” The advice on the report is that organizations should look to implement and enforce use of the DMARC protocol to add an additional layer of trust and verification with the sender’s domain.

The implementation and enforcement of the protocol are crucial to closing the gap currently exploited by cybercriminals, however, it is only as part of a layered solution. With better targeted, well planned attacks and emails looking more similar to legitimate ones than ever before, it is highly important to empower internal users to identify malicious emails. Leveraging machine learning and behavioural analytics to highlight the potential threats within an user’s inbox is clearly the direction the industry is heading in to offer better protection against these types of threats.

It is also important to ensure that organizations use tools that complement one another and allow for a holistic view of its email attack surface. By gaining 360° visibility, the security operations team can have a more dynamic operating model that allows for faster detection and response, and ultimately, faster recovery from security incidents.

Attacks through supply chains, like SolarWinds are not far from what can happen through the impersonation of legitimate domains, and advanced Business Email Compromise. If you wish to discuss how Red Sift can help your organization protect its brand and domains against impersonation as well as its internal users against advanced Business Email Compromise, get in touch below.


Leo Do Carmo

16 Feb. 2021




Recent Posts


Your guide to the SubdoMailing campaign

Billy McDiarmid

A significant number of well-known organizations have been attacked as part of what’s being called the SubdoMailing (Subdo) campaign that has been going on since at least 2022, research by Guardio Labs has revealed.   The scale of execution of this attack is staggering, and the impact is hugely damaging, but the goal is simple…

Read more

A confident deployment guide for TLS and PKI

Ivan Ristic

Our journey to better network transport security has been quite the ride, filled with ups and downs. Back in the ’90s, when SSL and the Netscape browser were just taking off, things were pretty hard. We were dealing with weak encryption, export restrictions on cryptography, and computers that couldn’t keep up. But over the…

Read more

Red Sift OnDMARC: The best Agari alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Agari DMARC Protection that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Agari and Red Sift OnDMARC – one of the most popular Agari alternatives on the market.  Red Sift OnDMARC overview Red…

Read more

Red Sift OnDMARC: The best Valimail alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Valimail that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Valimail and Red Sift OnDMARC – one of the most popular Valimai alternatives on the market.  Red Sift OnDMARC overview Red Sift OnDMARC…

Read more