Cyber security experts of Applied Connective warn of rise in BEC & AiTM attacks

Applied Connective Logo Sign View

Cyber attacks on organizations of every size have been on an alarmingly steep rise as of late—specifically business email compromise (BEC) and adversary in the middle (AiTM) attacks, which are some of the most financially damaging (think wire fraud and ACH fraud). 

Though these tactics are more devious and sophisticated than ever, they are preventable!

We feel a sense of urgency and obligation to implore our customers to be extremely cautious in your email handling practices and online activity, and ALWAYS VERIFY the legitimacy of a request before taking any action. It costs nothing to pick up the phone and call the supposed sender of an email before changing their payment information, for instance.

In recent months, it has gutted us to witness many Nebraska businesses fall victim to substantial cyber fraud.

If you are a managed IT client of ours, know that we have many layers of security in place to protect your organization. However, having the best seat belt, air bag, and car insurance doesn’t mean you should drive recklessly. A highly sophisticated AiTM attack on a naive end-user can still cause damage and cost your company in dollars, data, and damage to your reputation.

Knowledge is power.

An educated end-user is an empowered one and is far less likely to be duped or deceived. Below, we’ve included more information about the workings of these attacks as well as best practices for handling questionable emails.

Please share this information with your team or organization, as the end-user is your last line of defense.

Cyber Security Featured Photo View

What is business email compromise?

Business email compromise (BEC) is an exploit and often a phishing attack in which an attacker obtains access to a business email account and imitates the mailbox owner’s identity in order to defraud the company and its employees, customers, or partners. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. BEC scams are on the rise due to increased remote work—there were nearly 20,000 BEC complaints to the FBI last year. BEC incidents can lead to potential data theft and ransomware deployment as the attacker gains knowledge and understanding of business systems.

What is an AiTM attack?

This is a type of attack that involves session hijacking. It may originate from a compromised trusted vendor and transition into “adversary in the middle,” in which the attacker waits for a victim to log into an application (such as a banking or email account), and then swoops in to steal the session cookie. The attacker then uses the cookie to log into the owner’s account but, instead, from the attacker’s browser. This allows the attacker to bypass MFA methods for a time determined by the cookie expiration period, which may be minutes, hours, or days.

Tips and Pointers on Spotting and Handling BEC & AiTM attacks

The key practice we want to stress (and it is absolutely free and effective) is:

ALSO IMPORTANT:

BOTTOM LINE:

If a request is unusual, unprompted, uncharacteristic of the sender, urges you to perform a task, or involves financial or other personal sensitive information, it warrants a phone call (or if they’re in your office, a face to face).

As always, please call or email us with any questions or concerns. Your security is our priority.

 

And ask us about cyber security awareness training! We’ll periodically test your organization’s end-users with fake phishing emails to identify areas where you may be vulnerable, and we’ll follow up with specific targeted education and training.

 

Stay vigilant and stay safe!

Share this post

Kory Bourek

IT Support Specialist

Kyle Oldenkamp

Relationship Manager

Shelby James

IT Support Specialist in the Panhandle

Mandy Luettel

Director of Growth & Development

Noah Burwell

IT Support Specialist

Chase Gragg

IT Support Specialist

Vaughn Finkral

IT Support Specialist

Ron Leimser

IT Support Specialist

Jill Petsche

IT Support Specialist

Nevan Hoffman

IT Support Specialist

Lacey Henn

Administrative Assistant

Andrew Grupp

IT Support Specialist

Heath Murray

IT Support Specialist

Will Frey

AVS Technician

Konnor Gibson

IT Systems Specialist

  • Peanut butter
  • Canned soup
  • Canned fruit
  • Canned vegetables
  • Canned stew
  • Canned fish
  • Canned chicken
  • Canned beans
  • Whole grain pasta
  • Whole grain cereals
  • Rice
  • Applesauce
  • Instant mashed potatoes
  • Powdered milk
  • Boxed meals
  • Cooking oils
  • Crackers
  • Granola bars
  • Deodorant
  • Toothpaste
  • Mouthwash
  • Detergent
  • Hand soap
  • And any other food, hygiene, or household product that is unused, unopened, and unexpired.

Kenley Silhacek

Senior IT Systems Engineer

Mason Uhing

IT Support Specialist

Faith Nunn

IT Support Specialist

Kara Frey

Administrative Assistant

Brandi Lueninghoener

IT Support Specialist

“Lakeview Community Schools has enjoyed our partnership with Applied Connective. They have been incredibly responsive, knowledgeable, and cooperative as we have worked together. Applied Connective has provided a team-like atmosphere in their service!”

Aaron Plas, Superintendent

Lakeview Community Schools

“We have been very pleased with their communication, efficiency, and customer service over the course of the last few years. We would highly recommend ACT to any other schools out there looking for a reliable partner for your technology needs.”

Brandon Detlefsen, Technology Director

Central City Public Schools

“Their service is always reliable and timely, and the staff are very knowledgeable and friendly. Our needs are their #1 priority! Boone Central is beyond grateful to have top-of-the line technology services and customer support.”

Nicole Hardwick, Superintendent

Boone Central Public Schools

“They’ve been with us every step of the way as we implemented phone systems, security cameras, and keypad doors. Their customer service is second to none, and their business knowledge is outstanding.”

Ronda Weber, Technology Coordinator

Burwell Public School

Applied Connective did an amazing job with our school security cameras. They were very professional and easy to work with. [They’re] patient with our questions and quickly respond when we need some direction. The cameras work great and are very easy to access. Thank you for a job well done!”

Amy Sokol, Principal

St. Anthony's School

Lance Bain

Voice Technician

Brigitte Burbach

HR Manager

Clay Anderson

IT Support Specialist

Brandon Petersen

Relationship Manager & IT Engineer

Relationship Manager/IT Engineer – I work side by side with our clients to ensure they are receiving the best value from our products and services, offer insights to improve their workflows, and resolve any issues that may arise as fast as possible.

Logan Niewohner

IT Systems Specialist

Justin Borgmann

Level 1 IT Technician

As a level 1 IT Technician, I assist customers in their daily IT needs, and respond to any issues that may arise.

Bryce Molt

Level 1 IT Technician

As a Level 1 IT Technician, I provide general help desk support for clients.

Weston Ray

Warehouse

Casey Schalk

AVS Technician

My role as a general technician at Applied Connective is primarily to work with the AVS crew to install and configure surveillance, internet, security, and voice technologies.

Grady Higgins

IT Support Specialist

Eric Beckman

AVS Project Foreman

Kris Wright

General Technician

My role as General Technician includes installation and troubleshooting of door access and camera security systems.

Mikki Mangus

General Accountant

Some of my duties as General Accountant include payroll, accounts receivable, accounts payable and reconciliation. I am happy that I am part of the Applied Connective Team.

Heidi Kahlo

IT Technician

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Eric Petsche

General Technician

My role as a general technician at Applied Connective is primarily to work with the AVS crew to install and configure surveillance, security, Internet, and voice technologies.

Kelsi Funk

IT Systems Specialist

Chase Thieman

AVS Technician

My role as an AVS technician at Applied Connective is to work with the AVS team to install and configure surveillance, security, internet, and voice technologies.

Cody Banzhaf

IT Manager

Eric Henn

Voice Technician

My job is to do whatever Ed tells me to. Just kidding…sort of. I am part of the voice group.

Alex Herstedt

Telecom / IT Technician

As a Telecom/IT Technician, I work with traditional and hosted phone systems.

Scott Whaley

Level 2 IT Technician

I’m part of the IT team at Applied Connective, so my days are spent setting up new PCs for customers; troubleshooting broken PCs, printers, etc., and installing new hardware.  

Jessi Larson

Creative & Marketing

I’m in charge of creative content development and marketing here at Applied Connective—advertising, design, copywriting, website management, PR, and social media as well as coordinating philanthropy efforts.

Matt Childress

Relationship Manager

Sara Rasmussen

IT Service Manager

Nathan Niewohner

IT Project Manager

Justin Niewohner

AVS Project Manager

I install surveillance, security, Internet, phone, and audio systems to fit our customers’ needs.

Ryan Robinson

AVS Service Technician

I provide and coordinate technical services and support for infrastructure, access control, surveillance, and audio/video solutions.

Jarod Dendinger

VP of Business Development

My role here at Applied Connective centers on business development, so that involves assisting our team in focusing on value-added processes as well as leveraging technology to provide solutions for our business partners that support them in continued success and growth.

Will Zoucha

VP of Operations

Ed Knott

President

As President at Applied Connective, I am responsible for organizational direction and general oversight of all product/service areas.