Information Technology

Image: WebKit
A cybercrime group specialized in showing malicious ads has abused an unpatched zero-day vulnerability in WebKit-based browsers to break security restrictions and redirect users from legitimate portals to shady sites hosting online gift card scams.
The attacks were first spotted in June 2020 and are still active today; however, patches for the WebKit zero-day have been released at the start of the month.
According to a report from cyber-security firm Confiant, shared with ZDNet last week, the culprits behind the attacks are a group previously known as ScamClub.
Active since 2018, this group operates by buying large quantities of ad slots on multiple platforms in the hope that some of its bad ads make it through security checks.
Since it was first discovered almost three years ago, ScamClub has typically targeted iOS users with malicious ads that often redirected users to sites hosting online scams that tried to collect users’ financial information.
Its most recent operation also follows this pattern. In a campaign that appears to have started last summer, Confiant said it saw the group abuse a novel method to allow the malicious code that it typically hides in ad slots to break out of the ad slot’s iframe HTML element’s sandbox, a security system that prevents the code from interacting with the underlying website.
Using a quirk in how the Webkit browser engine handles JavaScript event listeners, the ScamClub group has been delivering malicious ads for the past months that redirected users from legitimate sites to shady domains hosting gift card scams, similar to what they’ve done in previous campaigns in previous years.

Image: Confiant

“Over the last 90 days, ScamClub has delivered over 50 million malicious impressions, maintaining a low baseline of activity augmented by frequent manic bursts — with as many as 16 million impacted ads being served in a single day,” said Eliya Stein, a Senior Security Engineer at Confiant.
The vulnerability abused in these malvertising campaigns only worked with browsers using the open-source WebKit engine. This includes Apple’s Safari and Google Chrome for iOS.
Stein said his company reported the bug to both the Apple WebKit team and Google last June. A patch for the WebKit bug shipped last December, and the fix has eventually reached Safari for macOS and iOS, released at the start of the month.
Victims of this malvertising campaign will be hard to trace. Anyone who bought gift cards from unofficial websites using a Safari or Chrome for iOS browser can be considered a candidate. If they shared payment card details with these sites, users might need to check their payment card history for any suspicious transactions, which might suggest that the group might have abused or shared their financial details with other scam groups.
Confiant has released a list of sites where the ScamClub group hosted gift card scams as part of its recent malvertising campaign. Users can check their browser history to see if they accessed any of these sites before taking other steps to secure their payment card data.
goodluckpig.spacegoodluckman.spacegoodluckguy.spacegoodluckdog.spaceluckytub.xyzluckyguys.xyzluckyguys.tophknewgood.xyzhknewgood.topusgoodwinday.topusgoodwinday.xyz2020workaffnew.topvip.peopleluck.xyzvip.fortunatefellow.xyzvip.fortunateman.xyzvip.fortunatetime.xyzvip.fortunatepeople.xyzvip.luckydevil.xyzvip.superlucky.xyzvip.luckydraw.spacevip.hipstarclub.comworkcacenter.spacetrkcenter.xyztrkingcenter.xyzgotrkspace.xyztrkmyclk.spacedbmtrk.xyztrkmyclk.xyz More

Microsoft is continuing to try to differentiate its Chromium-based Edge browser from the competition with new features. On February 16, Microsoft made yet another of these features available to testers in the Canary Mode: Kids Mode.Some Edge Insider testers running the daily Canary builds will be able to test Kids Mode starting today. The Dev Channel branch should get the feature relatively soon. Kids Mode will be able to be launched through the profile picker inside Edge. Closing Kids Mode or granting an exception to it will require a device password.Kids Mode will make new customized themes and “child-friendly” content available on the New Tab page. It also will include privacy and security features like tracking prevention, InPrivate mode and Bing Safe Search, which filters adult text, images and videos from search results.I’m hearing Kids Mode won’t require a child to have a Microsoft Account or for parents to create a Family Group in order to take advantage of the feature. It also sounds as if ads won’t be show on the New Tab Pag in Kids Mode.
Kids Mode is currently for Edge on Windows and macOS only in U.S. English.
If you care more about enterprise features in Chredge than consumer ones, don’t forget to check out the relatively new What’s Next page on the Insider site. More

Singapore is setting aside SG$24 billion ($18.1 billion) over the next three years to help local businesses innovate and build capabilities needed to take them through the next phase of transformation. The financial boost will go towards various initiatives such as the Emerging Technology Programme, which will see the government co-fund the cost of trials and adoption of emerging technologies including 5G, artificial intelligence (AI) and cybersecurity. 
This was necessary to ensure the country remained competitive and ready to tap future opportunities, said Deputy Prime Minister and Finance Minister Heng Swee Keat, during his parliamentary speech Tuesday detailing Singapore’s budget for fiscal 2021. He noted that last year’s series of budgets had tilted towards “emergency support” in light of the global pandemic, but there was a need to focus this year’s investment towards accelerating “structural adaptation”. 
He pointed to the changing competitive landscape, fuelled by the speed of technological advances and reconfiguration of global supply chains, as a key driver for all stakeholders to move and respond swiftly to tap the various opportunities. 

Heng said: “We must move from just counter-cyclical fiscal and monetary stabilisation policies, to structural economic policies to equip our businesses and workers with deep and future-ready capabilities.”
In this aspect, the government would look to cultivate a business community “with a strong spirit of innovation” and that was “deeply connected” with Asia and the world. A range of capital also would be provided to support businesses in their transformation and ability to scale, he said.
This would include the Corporate Venture Launchpad, which would offer co-funding for companies to build new ventures through pre-qualified venture studios. Slated for pilot this year, the new platform would be relevant for larger enterprises keen to nurture a startup mindset within their organisation, the minister explained. 
The BCG Digital Ventures, for example, is a venture studio that partnered local food and agricultural company Olam to develop Jiva, a farmer services platform designed help farmers increase their crop yield and connect directly to potential buyers.  

Plans also were underway to enhance the Open Innovation Platform with new features to link up companies and government agencies with relevant technology providers to resolve their business challenges. A cloud-based digital bench, for instance, would be develop to facilitate virtual prototyping and testing. 
The Open Innovation Platform also offers co-funding support for prototyping and deployment, Heng said. The Building and Construction Authority, for example, was matched with three technology providers — TraceSafe, TagBox, and Nervotec — to develop tools to enable the safe reopening of worksites. These included real-time systems that enabled construction site owners to conduct COVID-19 contact tracing and health monitoring of their employees.
Enhancements also would be made for the Global Innovation Alliance, which was introduced in 2017 to facilitate cross-border partnerships between Singapore and global innovation hubs. Since its launch, more than 650 students and 780 Singapore businesses had participated in innovation launchpads overseas, of which 40% were in Southeast Asia, according to Heng.
He said investments would continue to go towards increased partnership and infrastructure building across the Asean region, noting that strong connectivity was essential to enable Singapore’s businesses to plug into global and regional supply chains and industry clusters. 
Asean nations collectively were the world’s fifth largest economy, generating a GDP $3.2 trillion in 2019, and became China’s largest trading partner last year, Heng said. With significant growth potential in the region, he said Singapore would continue to work with Asean members to enhance digital connectivity and cybersecurity, as well as further drive initiatives such as the Asean Smart Cities Network.
These included efforts to build up a cluster of industries around medtech, food manufacturing, and electronics that were seeing growing demand across Asean. He said the Southeast Asia Manufacturing Alliance was recently launched to support such efforts, with the aim to promote a network of industrial parks to manufacturers looking to invest in Singapore and the region, and link up local companies with these manufacturers.
To further encourage Singapore companies including large and small and midsize businesses to invest in new technologies to boost their competitiveness, the government would co-fund their adoption of digital tools and emerging technologies. 
Elaborating on the Emerging Technology Programme, Heng said the initiative would buffer the costs of trials and deployment of technologies such as 5G, AI, and “trust” technologies, and support the commercialisation of innovation. 
A new Digital Leaders Programme also would support companies in hiring their core digital team and in developing and deploying digital transformation strategies, he said. 
The minister added that the government would partner equity firms to offer growth capital for local businesses to transform and scale. Here, SG$500 million would be co-invested with state-run investment firm Temasek Holdings in a Local Enterprises Funding Platform, which would be managed commercially. In addition, Temasek would match the government’s investment, making SG$1 billion available in total, he said. 
Heng also underscored the need to groom innovation leaders and businesses, especially in deep technology areas. A new Innovation and Enterprise Fellowship Programme would be established to support 500 Fellowships over the next five years. Led by the National Research Foundation (NRF), this initiative aimed to address requirements in areas such as cybersecurity, AI, and health tech, he said. He added that the NRF would work with various partners including accelerators, venture capital firms, and deep tech startups. 
Going big on green
With climate change “real and urgent”, funds also would be set aside to drive Singapore’s green initiatives. The country last week launched its Green Plan 2030, a decade-long plan to drive efforts in building a “green, liveable, and sustainable” home for future generations. 
Technology, Heng said, played a key role here and would open new possibilities, having already helped Singapore address water and land constraints.
Amongst its goals here were plans to roll out 60,000 electric vehicle charging points at public carparks and private premises by 2030 as well as a SG$30 million investment over the next five years for electric vehicle-related initiatives. 
The government also had identified up to SG$19 billion worth of public sector green projects, including the Tuas Nexus initiative, which would be financed with green bonds. The project integrates waste and water treatment facilities as well as optimises energy and resource recovery in the solid waste and used water treatment processes, according to Heng. 
RELATED COVERAGE More

Palo Alto Networks said Tuesday that it was acquiring Bridgecrew, makers of a developer-centric security platform. The $156 million deal is meant to help Palo Alto Networks extend the functionality of its Prisma Cloud security platform further into the DevOps process.

Prisma Cloud aims to help organizations securely connect office branches and mobile users to the cloud, allow for SaaS adoption with a cloud access security broker, and improve security across multi-cloud deployments. With the addition of Bridgecrew, Palo Alto Networks said it will be able to offer security across the full application lifecycle via a single platform.
Palo Alto Networks said it was most interested in Bridgecrew’s infrastructure as code (IaC) — where infrastructure configuration is codified during development — approach to cloud security. The company said Bridgecrew’s IaC platform offers developers and DevOps teams a way to enforce infrastructure security standards throughout the development lifecycle. Once integrated with Prisma Cloud, developers will have security assessment and enforcement capabilities throughout the DevOps process, the company said.
“Bridgecrew’s product embeds security into every commit, pull request and build job,” said Palo Alto Networks’ product chief Lee Klarich. “In doing so, it alerts the dev teams in realtime and in the tools they know and love so much. This is not only good for developer productivity – it also helps security teams to focus on critical runtime security threats. Both teams win in the end.”
Palo Alto Networks also announced updates to Prisma Access on Tuesday. The updates aim to help organizations better secure their remote workforces and improve productivity with an optimized user experience. New features include ML-powered security for real-time attack prevention, and IoT security tools to safeguard devices across remote branches, sites and workers.
RELATED: More

When choosing a VPN, you’ve got a lot of choices. In our best of guide and speed test guide, we’ve narrowed down the list from the 50+ branded commercial options out there to about 10. But once you narrow the list down even more, what do you choose? In this article, we’ve taken two of our top choices — NordVPN and Surfshark — and compared them.

Surfshark wins
VPN providers are always tinkering with their pricing, so these numbers are bound to change. That said, Surfshark is less expensive. Surfshark’s best deal is what they tout as $2.49 a month (you’ll really be paying $59.76 now for two years of service). Nord is asking for $3.71 (or a wallet hit of $89 on signup for two years of service).
Surfshark definitively wins this round by allowing you to run an unlimited number of client devices with its VPN service, while Nord permits a relatively generous six simultaneous connections.
Both offer a 30-day money-back guarantee.
View Now at Surfshark

NordVPN wins
Image: ZDNet/David Gewirtz
In our fastest VPN guide, we took a look at both our own in-house tests and how the Internet overall rated VPNs. We compared VPN rankings in speed tests from 10 sites besides ZDNet. Of potentially more interest, we compared the standard deviation of those rankings, which helps us determine whether a given VPN has a consistent ranking all across the internet, or different reviewers got wildly different numbers.
As the above slide shows, NordVPN not only had a better aggregate average ranking but a considerably lower standard deviation. This means that pretty much wherever you are, your NordVPN performance should be pretty good. By contrast, how Surfshark will perform is likely to be considerably less predictable.
View Now at NordVPN

Tie between NordVPN and Surfshark
Both NordVPN and Surfshark support the big four: iOS, Android, Mac, and Windows. Surfshark also supports Linux, FireTV, Apple TV, and what it calls “other TVs.” It supports Xbox and Playstation as well as browsers Chrome and Firefox.
NordVPN lists Android TV, Linux, and Chrome and Firefox extensions on its download page, but has a support page for installing NordVPN on other platforms, including routers, Raspberry Pi, and NAS boxes including Synology, Western Digital My Cloud, and QNAP.
The fact is, both products support a reasonably wide range of devices. If you’re a NAS user, you probably want NordVPN. If you’re a console gamer, you probably want Surfshark. As we always recommend, do your research before buying.
View Now at NordVPN VIEW NOW AT SURFSHARK

Tie between NordVPN and Surfshark
Let’s get this out of the way upfront: If you’re counting on a VPN for your physical freedom or to protect your life, you must do a lot more research than just reading an article like this. With that said, let’s look at the overall profile for these two vendors.
NordVPN has gotten a lot of mileage out of its Panamanian corporate registration, claiming that Panama puts its records out of the legal reach of governments and lawyers.  s I discussed in great depth in my analysis of NordSec, it’s possible that countries with Mutual Legal Assistance Treaties (MLAT) may well be able to pierce the corporate veil.
Although I didn’t do as deep an in-depth analysis of Surfshark, the company has the same claims and limits as Nord. Surfshark lists its registry in the British Virgin Islands but is a company with developers based in many MLAT countries as well.
Both vendors tout a no-logs policy. Both vendors say they don’t capture connection time stamps, used bandwidth, traffic logs, IP addresses, or browsing data. Both offer warrant canaries. Both capture email addresses and billing information. NordVPN does capture your billing address and country. Both NordVPN and Surfshark accept cryptocurrencies.
View Now at NordVPN VIEW NOW AT SURFSHARK

Tie between NordVPN and Surfshark
Both vendors offer a kill switch, which we consider table stakes in terms of VPN special features. Surfshark offers a multi-hop connection, which is similar to NordVPN’s feature causing your IP address to change twice before reaching the destination server. Both support P2P, allowing you to torrent your favorite Linux distros (and possibly other digital sharing activities of dubious legality, which we categorically do not recommend).
NordVPN has a few interesting features not provided by Surfshark. NordVPN also provides Onion Over VPN, which allows you to use both the Onion anonymizer and Nord’s VPN together. NordVPN also allows you to buy a dedicated IP address, which can help if you’re dealing with anonymous servers or gaming connections. NordVPN also offers business plans.
Both providers offer malware and adware filtering, although Surfshark’s AdBlock VPN feature appears to be somewhat more comprehensive. Surfshark also offers what it calls Camouflage Mode, which the company says can prevent your local ISP from knowing you’re surfing using a VPN. While NordVPN has a blog post on whitelisting, they don’t appear to have whitelisting as an actual client feature. By contrast, Suftshark uses its split-tunneling feature as a whitelister.
Both vendors come to the game with most of the features you’d expect. Nord has a few more business-focused features while Surfshark has some features that may afford a limited degree of additional personal privacy — but this would need in-depth testing to truly validate. As such, we’re calling a tie for special features.
View Now at NordVPN VIEW NOW AT SURFSHARK
Decision tree
So how do you decide? Here are a few options that may make that decision easier.

If price is your top concern, Surfshark will save you about $30 over two years.
If predictably fast download performance is key, then NordVPN is more consistently fast in overall performance.
If you need a VPN for a NAS appliance, then NordVPN is your choice.
If you want a VPN for your Xbox or Playstation, choose Surfshark.
If you want a dedicated IP address or more business-oriented features, choose NordVPN.
There you go. Surfshark vs. NordVPN. It’s not a super cut-and-dried answer. One isn’t wildly better than the other. But the decision tree above should help you pick the winner given your own needs. How do these choices fit your needs? Have you chosen a VPN provider already? What capabilities and characteristics helped you to make up your mind.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

We’ve narrowed down the best VPN service from the 50+ branded commercial options to about 10, which we spotlighted in our best of and speed test guides. At some point, though, you need to make a choice. In this article, we’ve taken two of our top choices — ExpressVPN and NordVPN — and compared them.

NordVPN wins
VPN providers are always tinkering with their pricing, so these numbers are bound to change. That said, NordVPN is less expensive. Nord is asking for $3.71 (or a wallet hit of $89 on signup for two years of service).
ExpressVPN’s best deal is what they tout as $6.67 a month (you’ll really be paying $99.95 now for 15 months of service). After that 15 months, you’ll be charged $99.95 every 12 months, so the per-month price is essentially going up about a buck and a half after that first year. Nord reserves the right to change prices, but it doesn’t have a baked-in price increase in its “special offer” deal.
NordVPN allows you to connect six client devices at once with its VPN service, while ExpressVPN allows five. Both offer a 30-day money-back guarantee.
View Now at NordVPN

NordVPN wins
Chart: ZDNet/David Gewirtz
In our fastest VPN guide, we took a look at both our own in-house tests and how the Internet overall rated VPNs. We compared VPN rankings in speed tests from 10 sites besides ZDNet. Of potentially more interest, we compared the standard deviation of those rankings, which helps us determine whether a given VPN has a consistent ranking all across the internet, or different reviewers got wildly different numbers.
As the above slide shows, NordVPN not only had a better aggregate average ranking but a lower standard deviation. This means that pretty much wherever you are, your NordVPN performance should be pretty good. ExpressVPN came very close, though. We’re giving NordVPN the technical win, but we doubt you’ll be able to tell much of a difference during real-life usage.
View Now at NordVPN

ExpressVPN wins
Both NordVPN and ExpressVPN support the big four: iOS, Android, Mac, and Windows. ExpressVPN also supports Linux, routers, and Kindle Fire. It supports Xbox, Playstation, and the Nintendo Switch as well as browsers Chrome, Edge, and Firefox. When it comes to TV support, ExpressVPN lists Apple TV, Amazon FireTV, Samsung, Roku, Nvidia Shield, Chromecast, LG Smart TVs, Android TV, and others that require more of a manual setup process. Additionally, it offers setup instructions for Synology and QNAP NAS appliances.
NordVPN lists Android TV, Linux, and Chrome and Firefox extensions on its download page, but has a support page for installing NordVPN on other platforms, including routers, Raspberry Pi, and NAS boxes including Synology, Western Digital My Cloud, and QNAP.
The fact is, both products support a reasonably wide range of devices, but we have to give the win to ExpressVPN. You can keep digging down in the support pages and there are more and more devices with install tutorials, the deeper you dig.
View Now at ExpressVPN

NordVPN wins
I always like to make sure this point is stressed in all my VPN coverage: if you’re counting on a VPN for your physical freedom or to protect your life, it’s important that you do a lot more research than just reading an article like this. With that said, let’s look at the overall profile for these two vendors.
NordVPN has gotten a lot of mileage out of its Panamanian corporate registration, claiming that Panama puts its records out of the legal reach of governments and lawyers.  As I discussed in great depth in my analysis of NordSec, it’s possible that countries with Mutual Legal Assistance Treaties (MLAT) may well be able to pierce the corporate veil.
Although I didn’t do as deep an in-depth analysis of ExpressVPN, the company has similar claims and limits as Nord. ExpressVPN lists its registry in the British Virgin Islands but is a company with developers based in many MLAT countries as well.
Both offer warrant canaries. Both capture email addresses and billing information. NordVPN does capture your billing address and country. Both vendors support cryptocurrency.
Both vendors tout a no-logs policy. Both vendors say they don’t capture connection time stamps, traffic logs, IP addresses, or browsing data. NordVPN says it doesn’t track used bandwidth, while ExpressVPN says it tracks total amount of daily data transmitted each day. ExpressVPN also tracks the location of VPN servers you connect to. That’s not good, because it means they can tell where your connection originated from (or at least the country) and where you’re trying to connect to. For this reason, we’ll give NordVPN a slight win.
View Now at NordVPN

NordVPN wins
Both vendors offer a kill switch, which we consider table stakes in terms of VPN special features. Both companies offer split tunneling, allowing you to channel some traffic through the VPN and the rest through your local connection without VPN interference. ExpressVPN says it’s running a private DNS, but any VPN provider is going to need to do domain name resolving. So while other vendors don’t list “Private DNS” as a feature, they all need to be running a DNS as a consequence of their role in packet forwarding.
NordVPN advertises its support for P2P, allowing you to torrent your favorite Linux distros (and possibly other digital sharing activities of dubious legality, which we categorically do not recommend). ExpressVPN makes no mention of P2P.
NordVPN has a few interesting features not provided by ExpressVPN. NordVPN also provides Onion Over VPN, which allows you to use both the Onion anonymizer and Nord’s VPN together. NordVPN also allows you to buy a dedicated IP address, which can help if you’re dealing with anonymous servers or gaming connections. NordVPN also offers business plans.
ExpressVPN has an interesting blog post about how it prevents its apps from getting malware but doesn’t offer malware protection for traffic run over its VPN network. NordVPN provides malware and adware filtering.
Both vendors come to the game with many of the features you’d expect. Nord has more features, ranging from additional business options to additional protection options. We have to give this win to NordVPN.
View Now at NordVPN
Decision tree
The winner in this competition is pretty decisively NordVPN, with four wins to one. But just because we awarded big category wins to Nord doesn’t mean that’s all you should consider when buying a VPN service. So how do you decide? Here are a few options that may make that decision easier.

If price is your top concern, NordVPN will save you about $85 over two years. Over two years, ExpressVPN is almost double NordVPN’s price.
If predictably fast download performance is key, then NordVPN is a bit more consistently fast in overall performance.
If you need a VPN for a NAS appliance, then either NordVPN or ExpressVPN will do.
If you want a VPN for any game console, as well as for a wide range of other devices, ExpressVPN is more likely to have a documented setup process.
If you want a dedicated IP address or more business-oriented features, choose NordVPN.
There you go. ExpressVPN vs. NordVPN. NordVPN pulls ahead in most of our comparisons, and the pricing advantage is particularly noticeable. Fundamentally, ExpressVPN stands out mostly in terms of its wide range of supported devices. So if Nord doesn’t support the device you want to use, check out ExpressVPN.
How do these choices fit your needs? Have you chosen a VPN provider already? What capabilities and characteristics helped you to make up your mind.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

Are you a LastPass Free user? The company has announced that changes are coming your way.

Currently, free users can access their LastPass account across device types, mobile, and desktop.
Starting March 16th, 2021, free users will only be able to choose between having access on their mobile devices (including mobile phones, smartwatches, and tablets) or their computers (including all browsers running on desktops and laptops).
On this date, free users will get the chance to choose between mobile and computers and will get three opportunities to switch the active device type to explore what’s right for them.
LastPass explains the changes as follows:
Sarah is a Free user with Computers as her active device type. She can use LastPass on her laptop, desktop, and her dad’s laptop (anyone’s computer!), but she can’t use LastPass on her phone, tablet, or smartwatch unless she upgrades to LastPass Premium, which has unlimited device type access. 
Steve is a Free user with Mobile Devices as his active device type. He can use LastPass on his iPhone, Android work phone, tablet, and smartwatch, but he can’t use LastPass on his desktop or laptop unless he upgrades to LastPass Premium, which has unlimited device type access. 
Also, as of May 17th, 2021, email support will only be available for Premium and Families customers.
Don’t like this? You can either migrate your passwords to another service or tool or pay LastPass the $2.25 per month (billed annually) for LastPass Premium. I’ve been a long-time LastPass Premium user, and I find the service to be very good.  More

While ransomware is the cyberattack most feared by businesses, another form of cybercrime is slipping under the radar, one that is proving highly lucrative for internet fraudsters – and costly to business.
A business email compromise (BEC) attack sees cyber criminals use social engineering to trick an employee at a business into transferring a large sum of money to an account controlled by the crooks.

More on privacy

Often these messages pretend to be from someone the victim knows, such as their boss, a colleague or another known and trusted business contact. The attackers can steal hundreds of thousands of dollars just by sending a few emails – and by the time the victim has realised they’ve been duped by cyber criminals, it’s too late.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 
And while ransomware is the most high profile form of cybercrime targeting businesses, it’s BEC scams that are the most financially damaging.
“When you look at some of the data that’s come out comparing business email compromise to things like ransomware, business email compromise by far comprises the most amount of financial loss for businesses, all over the world,” Crane Hassold, senior director of threat research at Agari, told ZDNet’s Security Update video series.
The FBI lists BEC as the cybercrime with the highest amount of reported losses, accounting for $1.77 billion in losses during 2019 alone. The losses as a result of ransomware over the same period account for a small amount in comparison $9 million dollars (although more recent ransomware numbers will be significantly higher).

“So while ransomware, gets all the news, it’s nothing compared to the amount of loss that’s caused by business email compromise,” said Hassold.
The lucrative nature of BEC scams is even pushing some cyber-criminal operations away from malware and ransomware attacks and towards wire-transfer fraud. One of these is a Russian-based hacking group that Agari identifies as Cosmic Lynx – they used to distribute malware attacks, but now they’re making much more money with phishing and email fraud.
“What we’ve seen over the past few years is that the cyber criminals have realized that their more technically sophisticated attacks have become less successful. And so what the cyber criminals have done is they’ve become less technically sophisticated in their attacks,” said Hassold.
“Thinking about this as a business from an overhead perspective, there’s not really much behind the scenes with a BEC attack, and so the amount of profit you’re able to make from those attacks is significantly higher,” he added.
SEE: Cybersecurity: This ‘costly and destructive’ malware is the biggest threat to your network
One of the reasons BEC is so successful is because the nature of doing business online means actions often need to be taken quickly – and with more people working remotely than ever before, checking to see if that email really came from your colleague is more difficult.
However, if an organisation sets up business processes that have to be followed and approval is needed from multiple people in order to send a wire transfer, it could go a long way to preventing BEC attacks.
“If there’s an established process for wire transfer and for wire-transfer requests, then a lot of BEC attacks would be stopped,” Hassold said.
MORE ON CYBERSECURITY More