Security / October 23, 2018

Gigamon Team Member, Part of ‘Under the Radar’ Industry Group, Helps Protect Online Users From Life-Altering Cyber Attacks

Not all superheroes have movies made in their namesake. Instead, some good guys and gals prefer to work under the radar, such as in the case of the Business Email Compromise (BEC) List. The BEC List is a private, collaborative group made up of industry professionals from both the private and public sectors. Other than being super skilled and smart in their field, these group members all share a common goal: Stopping the bad guys.

Like a mega-hit summertime blockbuster, when all goes according to plan their efforts pay off. Most recently, the group was recognized for preventing millions of dollars in fraud by helping to take down thousands of Nigerian-scheme email accounts. In recognition of this spotlight-worthy accomplishment, the BEC List received the 2018 JD Falk Award from the Messaging, Malware and Mobile Anti-Abuse Working group or, if you’re no good at tongue twisters, the M3AAWG.

BEC Fraud Ruins Lives

To shed a little more light on the subject, BEC fraud accounts for a whopping $12+ billion in losses globally and threatens users in 150 countries, according to the FBI. What’s more, this kind of fraudulent activity is so widespread in its approach that it can wreak serious havoc on those affected. Just this week, the U.S. Securities and Exchange Commission (SEC) released an investigation report detailing how nine publicly traded companies fell victim to fraudsters losing nearly $100 million combined. This award, in particular, specifically recognizes people who help protect online users from these devastating and life-altering events and we are proud to have one of our very own Gigamon team members as a BEC List recipient.

Protecting Corporate Networks

The SEC also recommended that companies take more care when training employees so that the accounting staff understands how those controls should work and what role each employee plays.

The cyberattacks targeted accounting department staff with emails that appeared to come from legitimate vendors or even corporate executives. In two cases, chief accounting officers were among those duped. In other cases, staff were asked to handle transactions outside their authority or outside their regular responsibilities, the SEC said.

“Our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations,” said Stephanie Avakian, Co-Director of the SEC Enforcement Division, in a statement.

Competitors Collaborate to Combat Corruption

You know all those Batman versus Spiderman YouTube videos? They’re pretty fierce, and it’s tough to say which one will actually win. Now, imagine if they put aside their differences for a period of time and combined forces to combat some serious evil. That’s basically how the BEC List was formed.

The private list is managed by Ronnie Tokazowski, senior malware analyst at Flashpoint. The group includes cybersecurity professionals from some top-notch Fortune 500 companies, leading threat research organizations, anti-virus firms and internet infrastructure companies — many of which are direct competitors. Then there’s the law enforcement participants, which includes the FBI, the IRS Online Fraud Detection and Prevention group, and the U.S. Secret Service, among others.

While many members chose to remain anonymous, a partial list of participating organizations can be found here. More interestingly, you can watch this short video in which Tokazowski himself talks about what the group has learned about these catastrophic schemes, along with some of the seriously cool things they’ve done to combat the attackers.

Learn more about securing your network by checking out our home page,

Back to top