
Business Email Compromise Soars in Q3 2024 as Cybercriminals Refine Tactics: VIPRE Report

Global cybersecurity provider VIPRE Security Group has published its Q3 2024 Email Threat Trends Report, revealing an alarming rise in business email compromise (BEC) and highlighting the evolving techniques cybercriminals are using to deceive employees and breach corporate security. According to VIPRE’s analysis of 1.8 billion global emails, 208 million were flagged as malicious, with BEC scams making up 58% of phishing attempts.

VIPRE noted that 89% of these attacks used impersonation, often of senior executives or IT personnel, in an attempt to exploit employees’ trust in authority figures. The manufacturing sector experienced a notable 8% spike in BEC attacks this quarter, increasing from 2% in Q1 to 10% in Q3. 

The report attributes this surge partly to the industry’s extensive use of mobile devices for remote sign-ins, which can leave employees more vulnerable to attacks. Email threats during the quarter were predominantly scams (34%), commercial spam (30%), and phishing (20%), overshadowing ransomware and malware, which together made up less than 20% of email-based attacks. 

Despite their lower prevalence, ransomware and malware remain a significant concern in the cybersecurity industry. To evade detection by modern security measures, cybercriminals have started disguising malicious attachments as voicemails or essential security updates. Microsoft PDF and .DOCX files were the most common formats, with 2.18 million emails containing harmful attachments, representing a 30% rise from Q2’s 21%. In Q3, URL redirection became a popular technique among attackers, representing 52% of email-based scams. 

Cybercriminals used clean URLs within emails to bypass security checks, redirecting recipients to meticulously crafted fraudulent websites. VIPRE also observed a shift in malspam tactics, with attackers favouring attachments (64%) over malicious links (36%). Formats such as LNK, ZIP, and DOCX were common in these campaigns. 

Redline, a notorious malware family, remained the most prevalent, designed to steal sensitive data from web browsers. Usman Choudhary, VIPRE’s CPTO, emphasized the need for robust cybersecurity measures, especially as the holiday season approaches. “BEC email and phishing attacks are becoming more targeted and convincing,” he said, highlighting the urgency of employee education to counter these threats.

Adapting Cybersecurity Policies to Combat AI-Driven Threats


Over the last few years, the landscape of cyber threats has significantly evolved. The once-common traditional phishing emails, marked by obvious language errors, clear malicious intent, and unbelievable narratives, have seen a decline. Modern email security systems can easily detect these rudimentary attacks, and recipients have grown savvy enough to recognize and ignore them. Consequently, this basic form of phishing is quickly becoming obsolete. 

However, as traditional phishing diminishes, a more sophisticated and troubling threat has emerged. Cybercriminals are now leveraging advanced generative AI (GenAI) tools to execute complex social engineering attacks. These include spear-phishing, VIP impersonation, and business email compromise (BEC). In light of these developments, Chief Information Security Officers (CISOs) must adapt their cybersecurity strategies and implement new, robust policies to address these advanced threats. One critical measure is implementing segregation of duties (SoD) in handling sensitive data and assets. 

For example, any changes to bank account information for invoices or payroll should require approval from multiple individuals. This multi-step verification process ensures that even if one employee falls victim to a social engineering attack, others can intercept and prevent fraudulent actions. Regular and comprehensive security training is also crucial. Employees, especially those handling sensitive information and executives who are prime targets for BEC, should undergo continuous security education. 

This training should include live sessions, security awareness videos, and phishing simulations based on real-world scenarios. By investing in such training, employees can become the first line of defense against sophisticated cyber threats. Additionally, gamifying the training process—such as rewarding employees for reporting phishing attempts—can boost engagement and effectiveness. Encouraging a culture of reporting suspicious emails is another essential policy. 

Employees should be urged to report all potentially malicious emails rather than simply deleting or ignoring them. This practice allows the Security Operations Center (SOC) team to stay informed about ongoing threats and enhances organizational security awareness. Clear policies should emphasize that it's better to report false positives than to overlook potential threats, fostering a vigilant and cautious organizational culture. To mitigate social engineering risks, organizations should restrict access to sensitive information on a need-to-know basis. 

Simple policy changes, like keeping company names private in public job listings, can significantly reduce the risk of social engineering attacks. Limiting the availability of organizational details helps prevent cybercriminals from gathering the information needed to craft convincing attacks. Given the rapid advancements in generative AI, it's imperative for organizations to adopt adaptive security systems. Shifting from static to dynamic security measures, supported by AI-enabled defensive tools, ensures that security capabilities remain effective against evolving threats. 

This proactive approach helps organizations stay ahead of the latest attack vectors. The rise of generative AI has fundamentally changed the field of cybersecurity. In a short time, these technologies have reshaped the threat landscape, making it essential for CISOs to continuously update their strategies. Effective, current policies are vital for maintaining a strong security posture. 

This serves as a starting point for CISOs to refine and enhance their cybersecurity policies, ensuring they are prepared for the challenges posed by AI-driven threats. In this ever-changing environment, staying ahead of cybercriminals requires constant vigilance and adaptation.

Psychological Tactics Used by Cybercriminals to Conduct Malicious Activities


Recently, finance- and accounting-related cyberattacks delivered through phishing campaigns and Business Email Compromise (BEC) attacks have become a hot topic for South African companies with gaps in their payment systems.

A BEC attack is a type of cybercrime in which the threat actor poses as a trusted figure in order to dupe victims into handing over money or entice them into exposing confidential company information.

However, according to Ryan Mer, CEO of eftsure Africa, a KYP platform provider, “robust financial controls together with strong server, IT, and email monitoring processes aren’t enough if staff aren’t savvy to the psychological tricks scammers use to manipulate people, making them more vulnerable to trickery and deception.”

Mer rejects the idea that hackers target solely credulous, unskilled professionals. “The misconception that only foolish individuals fall victim to cybercrime and payment fraud is dangerous because it leads to complacency in the highly educated who occupy senior positions within organizations. Criminals engaging in payment are often well-skilled, well-resourced and armed with enough industry knowledge to appear legitimate.” 

Manipulating Trust and Competence 

Human tendencies to be cooperative, avoid conflict, and find quick and efficient solutions to problems are used as bait by threat actors to obtain information or persuade their victims to take certain actions.

A popular tactic is to pretend to be someone the victim knows or trusts in order to gain their confidence. Examples include a worker receiving a letter from the financial director of a company telling them to make a quick payment to a vendor, or an HR manager receiving a polite email from a worker asking that their bank information be altered for payroll purposes.

Banking on Urgency 

While scammers are becoming more creative, a tried-and-true strategy that hackers frequently use is making their victims feel as though they need to act quickly. According to Mer, phishing emails and business email compromise scams are designed to increase the likelihood that employees comply with exactly the requests they are supposed to report as potential threats.

“Scammers lure victims into acting quickly before they have time to think rationally about the activities they’re undertaking. Implementing processes that require staff to slow down and double-check any actions that involve payments is vital,” he says. 

A new point of contact, a change in email address, or a change in banking information are examples of abrupt changes in customer or supplier business procedures that, he continues, should be viewed with care and thoroughly investigated before acting on an urgent request.

Additional Automated Protection 

The continuous evolution of cybercrime makes it a moving target. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. This crime costs the nation a staggering 2.2 billion yearly.

“Ongoing education on the latest scams and the tactics used to execute them is crucial for South African companies. In addition, independent third-party verification systems like eftsure can offer a much-needed extra layer of protection by automating payment checking and supplier verification, saving time on manual processes and reducing human error,” notes Mer.

BEC Attacks: Google Translate Utilized to Scam Organizations in Any Language


Business Email Compromise (BEC) gangs are carrying out payment fraud scams in a more effective manner by utilizing translation tools and machine learning platforms, successfully dispensing fraudulent emails in multiple languages. 

What are Business Email Compromise Groups? 

BEC attacks entail posing as a senior executive or business partner and convincing a corporate target to wire large quantities of cash to a bank account under the attacker's control. 

Successfully launching the international variant of this cyberattack generally requires a lot of time and effort. The target must be sufficiently researched to make phishing lures plausible. Moreover, native speakers must be hired to translate frauds into other languages. Yet this is all changing as threat actors use free online technologies that reduce some of the need for manual work. 

Midnight Hedgehog and Mandarin Capybara are two BEC groups that best represent the trend, according to research from Abnormal Security published this week. Both use Google Translate, which enables threat actors to quickly create convincing phishing lures in practically any language.

Moreover, researchers in the study also cautioned that tools such as commercial business marketing services are aiding the success of less-resourced and less-sophisticated BEC attacks. They are mostly used by sales and marketing teams to find "leads," making it simple to locate the best targets regardless of their region. 

The fact that BEC attacks are already lucrative, causing $2.4 billion in damages in 2021 alone, according to the FBI's Crime Report, and the number of BEC attacks is constantly increasing, is bad news for defenders. Volumes are now likely to increase as some of the cost associated with performing them has been eliminated. 

BEC Groups Scale Fast with Translation, Marketing Tools 

Crane Hassold, director of threat intelligence at Abnormal Security, noted in the report that Midnight Hedgehog has been active since January 2021 and specialises in impersonating CEOs.

Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish are among the 11 languages that the company has so far identified in two significant phishing emails from the group. Thanks to Google Translate's effectiveness, the emails lack the simple mistakes that users are conditioned to look out for and regard as suspicious.

"We've taught our users to look for spelling mistakes and grammatical errors to better identify when they may have received an attack[…]When these are not present, there are fewer alarm bells to alert native speakers that something isn't right," the report said. 

Apparently, Midnight Hedgehog has requested payments ranging from $17,000 to $45,000. 

Mandarin Capybara, the second BEC threat organization mentioned in the report, sends emails posing as communications from business executives but with a twist: Paychecks are transferred to a controlled account via direct deposit by contacting payroll. 

Abnormal Security has noted that Mandarin Capybara targets businesses all over the world with phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. However, unlike Midnight Hedgehog, which the report claimed sticks to non-English-speaking victims in Europe, Mandarin Capybara also targets businesses outside of Europe with phishing emails aimed at English speakers in the US and Australia. 

In some instances, they utilized the same tactics of fraudulent email accounts to distribute emails in multiple languages.

The reason BEC campaigns remain popular among threat actors is simply how they operate: victims receive these messages, deem them legitimate, and act on instructions they think are coming from their ‘boss,’ especially when the emails are written with correct grammar and spelling and match the sender's signature style.

"As email marketing and translation tools become more accurate, effective, and accessible, we'll likely continue to see hackers exploiting them to scam companies with increasing success," said Hassold. 

It is important that organizations put procedures in place to make sure that large financial transactions are not approved by only one person, and that people are trained to be on the lookout for payment fraud attacks, in addition to deploying appropriate cybersecurity tools to help catch BEC attacks.

"It's important that organizations use email defenses that look for threats in a more holistic manner to be able to prevent more sophisticated BEC attacks. Defenses that simply rely on static or 'known bad' indicators will have a hard time detecting these attacks, which is why tools that leverage behavioral analytics are better equipped to spot more advanced BEC threats," concludes Hassold.

West Virginia Hospitals Suffered a Data Breach Resulting from a Phishing Attack


A data breach occurred at a West Virginia hospital system as a result of a phishing attack that gave hackers access to multiple email accounts. From May 10 to August 15, hackers had access to various email accounts at Monongalia Health System, which operates Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company. These accounts held sensitive data from patients, providers, employees, and contractors.

On October 29, 2021, Mon Health completed its investigation into an email phishing incident that may have resulted in unauthorized access to emails and attachments in numerous Mon Health email accounts. Mon Health initially became aware of the situation on July 28, 2021, when a vendor reported not receiving payment from Mon Health. In response, Mon Health initiated an investigation, which revealed that unauthorized individuals had gained access to a Mon Health contractor's email account and sent emails from the account in an attempt to collect funds from Mon Health via fraudulent wire transfers.

When Mon Health learned of this, it secured the contractor's email account and reset the password, alerted law authorities, and hired a third-party forensic firm to assist the investigation. The inquiry also revealed that the problem was limited to Mon Health's email system and did not touch the organization's electronic health records systems. There was also no evidence that any of Mon Health's other connected hospitals or healthcare facilities, including Mon Health Preston Memorial Hospital and Mon Health Marion Neighbourhood Hospital, were involved in or impacted by the incident. Importantly, the incident had no effect on Mon Health's services or operations or those of any of its connected hospitals or healthcare facilities. 

Patients who have been affected by the breach have been notified personally, and an assistance centre has been established to answer inquiries. Mon Health also stated that it is analyzing and improving its security processes and practices, including the implementation of multifactor authentication for remote access to its email system. 

“Business email compromise continues to be the silent killer for organizations and data breaches within various industries, including healthcare,” said James McQuiggan, security awareness advocate at security awareness training firm KnowBe4 Inc. “Utilizing a careful cynicism or a ‘trust and verify’ mindset, organizations can implement technology solutions and user processes to prevent these successful and effective attacks."

McQuiggan highlighted that, from a technological standpoint, implementing domain and sender email address verification is a straightforward patch to authenticate domains and emails and lessen the possibility of an attack by a "doppelganger domain."

Cybercriminals are Exploiting Zero-day Vulnerabilities at a Record Pace


The HP Wolf Security threat research team has discovered evidence that threat actors are mobilizing quickly to weaponize new zero-day vulnerabilities. 

According to the HP Wolf Security Threat Insights Report, attackers are exploiting specific flaws such as CVE-2021-40444, the remote code execution vulnerability that enables exploitation of the MSHTML browser engine through Microsoft Office documents. The vulnerability was first identified by HP on September 8, a week before Microsoft released the patch.

By September 10, the HP threat research team had detected scripts designed to automate the creation of this exploit being published on GitHub. The exploit gives attackers a startlingly easy entry point into systems, deploying malware through an Office document that needs very little user interaction.

The security researchers compile the report by examining the millions of endpoints running HP Wolf Security. The report shows that 12% of isolated email malware evaded at least one gateway scanner, while 89% of malware spotted was delivered via email. Web downloads were responsible for 11%, and other vectors such as removable storage devices for less than 1%.

The average time for a company to apply, test, and fully deploy patches with the proper checks is 97 days, giving threat actors an opportunity to exploit this 'window of vulnerability', explained Alex Holland, the senior malware analyst with the HP Wolf Security threat research team. 

"While only highly capable hackers could exploit this vulnerability at first, automated scripts have lowered the bar for entry, making this type of attack accessible to less knowledgeable and resourced threat actors. This increases the risk to businesses substantially, as zero-day exploits are commoditized and made available to the mass market in venues like underground forums," Holland said.

"Such novel exploits tend to be effective at evading detection tools because signatures may be imperfect and become obsolete quickly as the understanding of the scope of an exploit changes. We expect threat actors to adopt CVE-2021-40444 as part of their arsenals, and potentially even replace common exploits used to gain initial access to systems today, such as those exploiting Equation Editor."

Unfortunately, some major platforms like OneDrive are allowing attackers to conduct 'flash in the pan' attacks. Although malware hosted on such platforms is generally taken down quickly, this does not deter attackers because they can often secure their goal of deploying malware in the few hours the links are live, Holland explained.

"Some threat actors are changing the script or file type they are using every few months. Malicious JavaScript and HTA files are nothing new, but they are still landing in employee inboxes, putting the enterprise at risk. One campaign deployed Vengeance Justice Worm, which can spread to other systems and USB drives," Holland added. 

Additionally, the researchers discovered threat actors abusing cloud and web providers to distribute malware, as well as multiple malware families being hosted on Discord and other gaming social media platforms.

With cyber-assaults increasing with each passing day, Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc. believes that companies can’t keep relying on detection alone. He believes the threat landscape is too dynamic and, as highlighted in the analysis of threats captured, attackers are increasingly evolving to bypass any detection tool.

"Organizations must take a layered approach to endpoint security, following zero trust principles to contain and isolate the most common attack vectors like email, browsers, and downloads. This will eliminate the attack surface for whole classes of threats while giving organizations the breathing room needed to coordinate patch cycles securely without disrupting services," Pratt said.

Nigerian Scammers Specializing in BEC Attacks Continue to Mature


Cybersecurity researchers at Palo Alto Networks Unit 42 have actively tracked the evolution of SilverTerrier Nigerian Business Email Compromise (BEC) threat actors. 

From 2014 to the present, researchers have uncovered over 170,700 samples of malware directly linked to Nigerian BEC actors. These samples have been noticed in over 2.26 million phishing attacks targeting users across all industries worldwide.

Evolution of Nigerian threat actors 

Business email compromise (BEC) attacks are one of the most financially damaging cybercrimes and have been on the rise over the past seven years. The Nigerian threat actors dubbed SilverTerrier have contributed greatly to this growth. These threat actors are collectively responsible for producing more than 170,700 samples of malware directly linked to 2.26 million attacks, according to Palo Alto Networks' findings.

SilverTerrier specializes in business email compromise attacks, the kind of email fraud in which scammers impersonate a target’s coworker or friend, then ask for wire transfers. The focus on Nigerian threat actors provides insight into one of the world’s largest subcultures given Nigeria’s historic ranking as a top-five hotspot for cybercrime. 

When first discovered in 2014, SilverTerrier included only a few individuals experimenting with commodity malware. Presently, it has 540 individual threat actors performing attacks worldwide.

Researchers at Palo Alto Networks have traced one such individual, named Onuegwu Ifeany, who studied computer science at Imo State University and launched Ifemonums-Solution LTD as a legitimate business venture in late 2014. That same year, he began his criminal activities, and from 2014 until his arrest he registered over 150 malicious domains for personal use and to support other actors. Many of these domains also served as command-and-control infrastructure for over 2,200 samples of malware, including Pony, LokiBot, PredatorPain, ISRStealer, ISpySoftware, Remcos, and NanoCore.

Over the past seven years, researchers have also discovered over 10 different commodity information stealer families employed by SilverTerrier actors, with more effective tools being adopted over older ones. Since 2014, the threat actors have employed 13 RAT families, with LuminosityLink, NJRat, Quasar, and WarZone dropping in popularity over time, but Netwire, DarkComet, NanoCore, Remcos, ImminentMonitor, Adwind, Hworm, Revenge, and WSHRat are still actively used. 

How to protect yourself against BEC attacks? 

According to a GreatHorn report, nearly 50% of all BEC attacks result from the spoofing of an individual’s identity in the display name. Among those spear phishing emails, cybercriminals are also using company names (68%), names of individual targets (66%), and the names of bosses or managers (53%) to conduct their attacks. By following the steps given below you can mitigate the risks:

  • Avoid free web-based e-mail accounts
  • Enable multi-factor authentication for business email accounts
  • Don’t open any email from unknown parties
  • Secure your domain
  • Double-check the sender’s email address
  • “Forward,” don’t “reply” to business emails
  • Know your customers’ and vendors’ habits
  • Always verify before sending money or data
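As an added example (not code from GreatHorn, Palo Alto Networks or any report on this page), the following Python check implements two of the steps above for the patterns the page describes: display-name spoofing of a known executive, and the "doppelganger domain" that McQuiggan mentions in the Mon Health post. The staff names, trusted domains and From: headers are constructed sample data.

```python
"""Flag two BEC sender tricks: display-name impersonation of known staff and
lookalike ("doppelganger") sender domains. All names, addresses and domains
below are constructed sample data, not real organizations."""
import re
from email.utils import parseaddr

# Constructed: the organization's own domain and the people most often impersonated.
OWN_DOMAIN = "example.com"
KNOWN_PEOPLE = {
    "jane doe": "jane.doe@example.com",   # CEO (constructed)
    "sam lee": "sam.lee@example.com",     # finance director (constructed)
}
# Constructed: domains allowed to send invoices or payroll changes.
TRUSTED_DOMAINS = {OWN_DOMAIN, "vendor-supply.com"}
# Free webmail providers, per the "Avoid free web-based e-mail accounts" step.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

# Digits attackers swap in because they resemble letters in most fonts.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})


def normalize(domain: str) -> str:
    """Lowercase, fold homoglyph digits to letters, collapse 'rn'->'m' and 'vv'->'w'."""
    d = domain.lower().translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; cheap enough for domain-length strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) == 1:
            return trusted
    return None


def classify_sender(from_header: str) -> list:
    """Findings for one From: header value. An empty list means nothing suspicious."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []

    # 1. Display name matches a known executive but the address is not theirs
    #    (the display-name spoofing GreatHorn reports in ~50% of BEC attacks).
    name = re.sub(r"\s+", " ", display).strip().lower()
    expected = KNOWN_PEOPLE.get(name)
    if expected and addr != expected:
        findings.append(("display-name-impersonation", name, addr))

    # 2. Sender domain is one character away from, or a homoglyph of, a trusted domain.
    target = lookalike_of(domain)
    if target:
        findings.append(("lookalike-domain", domain, target))

    # 3. Business mail arriving from a free webmail account.
    if domain in FREE_WEBMAIL:
        findings.append(("free-webmail", domain, ""))
    return findings


if __name__ == "__main__":
    for hdr in [
        '"Jane Doe" <jane.doe@example.com>',
        '"Jane Doe" <jane.doe.ceo@gmail.com>',
        'Accounts Payable <ap@vendor-supp1y.com>',
    ]:
        print(hdr, "->", classify_sender(hdr) or "ok")
```

The check only looks at the From: header, so it belongs alongside SPF/DKIM/DMARC verification rather than in place of it.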

Ransomware Attacks At An All Time High, Reports Palo Alto


Presently, RaaS (ransomware as a service) and ransomware attacks are at an all-time high, topping the list of concerns in the cybersecurity community over the last few months. Threat actors and hackers are constantly attacking businesses, corporations, and email accounts for personal monetary gain. According to cybersecurity reports, BEC (Business Email Compromise) and EAC (personal email account compromise) scams have caused the most threat and impact.

The FBI's inquiry found that BEC and EAC accounted for a minimum of $1.86 billion in losses in 2020 in the US alone, a 5% jump in losses compared to 2019. EAC and BEC account for 45% of total reported cybersecurity incidents in the US, and 11% of affected users are over the age of 60.

A rough estimate suggests that the largest reported ransomware payment to date has been $40 million. Unit 42 reports: "when scammers use this tactic, it usually starts with a baited email enticing the recipient to open the attachment or click on the link to a webpage.

The emails usually focus on some segment of business operations (including finance, human resources, logistics and general office operations) and point to an attachment or link related to topics requiring user action." Experts say that average ransomware demands in 2020 were $847,344, meanwhile, the average ransom that victims paid was $312,493. 

In 2021, the average ransom paid rose by 82% to $570,000. The average ransom figures include only direct financial losses paid in ransoms. They do not include revenue lost while an organization was compelled to operate in a compromised state during a cyberattack, nor the cost of resources spent during the incident, and they cover only attacks that are known. Depending on the nature and impact of the ransomware attack, a company may decide not to report the incident at all.

In the end, that decision makes it harder for federal and cybersecurity agencies to calculate the full impact of these attacks. EAC, BEC, and ransomware attacks have one thing in common: they need privileged access to the victim's accounts and networks.

"The lucrative nature of BEC/EAC scams drives criminals to continually modify and upgrade their tactics to defeat protections. One of the newer techniques integrates spear phishing, custom webpages and the complex cloud single sign-on ecosystem to trick users into unwittingly divulging their credentials," reports Unit 42 of Palo Alto Networks.

Credential Phishing and Brute Force Attacks Continue to Surge



Organizations across the globe are taking a severe financial and reputational hit as they face advanced email threats from unprecedented email attacks that continue to escalate, according to a recent report by Abnormal Security. Unsuspecting victims fall prey to schemes devised to land malicious emails directly in their inboxes while evading security mechanisms.

As threat actors continue to work through various phishing techniques, credential phishing and brute force attacks remain effective attack vectors. Advanced email threats such as Business Email Compromise attacks are designed to bypass secure email gateways and other conventional security infrastructure, allowing the operators to steal billions each year.

After gaining access to email accounts, attackers can leverage these accounts to target other associated employees including business partners, vendors, and co-workers. Consequently, it allows them to infiltrate other parts of the compromised organization. Cybercriminals use these credential phishing and brute force attacks to obtain sensitive information such as usernames, passwords, and passphrases. 

The report lists among its key findings that 5% of all organizations fell prey to brute force attacks in early June 2021, while 73% of all sophisticated threats were credential phishing attacks.

Since Q4 2020, business email compromise attacks have risen by 22%, and 61% of companies witnessed a vendor email compromise attack this quarter. The experts also predict a 60% probability of a successful account takeover attack each week for firms with over 50,000 employees.

While commenting on the matter, Evan Reiser, CEO, Abnormal Security, said, “Socially-engineered attacks are dramatically rising within enterprises worldwide, creating unprecedented financial and reputational risks. These never-before-seen attacks are becoming more sophisticated with every passing day. They don’t contain indicators of compromise, such as links, attachments, and reputational risks, so they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware. To effectively protect against these attacks, we can no longer rely only upon established threat intelligence. To baseline good behavior, we need to look further to comprehensively understand employee and vendor identities and their relationships, all with deep context, including content and tone. Any subtle deviations from this baseline expose the possibility of a threat or attack.” 

Furthermore, the report highlights the rise of impersonation, and how cybercriminals are employing it to trick users into submitting sensitive data. Experts remark that the impersonation of internal systems namely IT Support and IT Help Desk has risen 46% in the last two quarters. 

Socially engineered credential phishing and account takeover attacks are surfacing as a major concern for enterprises worldwide because these attacks could potentially provide the access required to carry out other ransomware and malware-based attacks.

Remote Working Susceptible to Data Risks, 83% of Organizations Suffer Email Breaches


As per the report by Egress, 95% of cybersecurity experts believe company and client data in e-mails is at risk. Besides this, a massive 83% of firms have suffered data breaches through these attacks in the last twelve months. Human error is the primary cause of almost a quarter of these incidents, with around 24% caused by an employee who shared data by mistake, for instance by forwarding an email containing important information to the wrong recipient or sending the wrong attachment. The report surveyed 500 IT leaders and 3,000 work-from-home employees in the US and UK across various vertical sectors, including financial services, legal, and healthcare.

The downside of remote working 

Work-from-home culture has left employees highly dependent on email, especially for sharing sensitive data. Since the start of the Covid-19 pandemic, 85% of the workforce has confirmed sending more emails. This has exposed users to more risks and attacks involving outbound email data breaches. The report also revealed that around 60% of team members work in an environment that is usually buzzing with distractions and noise, generally communal spaces and shared home offices.

Beyond the confidentiality problems, these distractions raise the risk of a data breach. The risk is further intensified by stress and fatigue: the report shows around 73% of employees said they feel low because of the pandemic. The blurring of home and work life has many employees working long hours in an overwhelming environment, and both factors increase the chance of a data breach. 

Tony Pepper, CEO, Egress, said: "It's clear to see that legacy DLP tools are no longer fit for purpose; they're difficult to use and, because they can't take people's behavior into consideration, they're limited in their ability to mitigate the rising tide of email data breaches in this new world of remote working." He added: "Employees continue to work in challenging environments, and the lines between work and home life have been blurred. All of this contributes to the likelihood that a costly mistake might be made."

Massive BEC Phishing Ring Uncovered, 3 Nigerian Nationals Arrested

 

Three Nigerian nationals suspected of belonging to an organized cybercrime group behind malware distribution, phishing attacks, and a massive business email compromise (BEC) ring responsible for scams worldwide have been arrested in Lagos under "Operation Falcon", an operation carried out jointly by INTERPOL, the Nigeria Police Force and the Singapore-based cybersecurity firm Group-IB, according to INTERPOL. 
 
In a business email compromise (BEC) attack, the threat actor hacks or spoofs email to impersonate an organization's CEO, vendors, or senior executives and win the trust of employees and customers; that trust is then exploited to push the victims into transferring funds to an account controlled by the criminals or, in some cases, handing over confidential data. 
 
The cybercriminals behind the operation disguised many of their phishing campaigns as product inquiries, coronavirus aid, or purchase orders. According to Group-IB, the primary objective of these phishing attacks was stealing authentication data from email clients, web browsers, and FTP clients at organizations based in the UK, the US, Japan, Nigeria, and Singapore. 
 
As the ongoing investigation continues to uncover further suspects and the ring's monetization methods, around 50,000 targeted victims have been identified so far. The participants allegedly set up phishing links and domains before running mass BEC campaigns that targeted corporations of all sizes. The criminals reportedly deployed 26 different malware variants, including remote access Trojans (RATs) and spyware. 
 
"They then used these campaigns to disseminate 26 malware programmes, spyware, and remote access tools, including AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans,’ the INTERPOL said. 
 
"This group was running a well-established criminal business model," Interpol's Cybercrime Director Craig Jones noted. "From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits." 
 
“These programs were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and siphoning funds,” as per an announcement by INTERPOL. “According to Group-IB, the prolific gang is believed to have compromised government and private-sector companies in more than 150 countries since 2017.”

Business Email Compromise: Most Common Online Scam?


More and more small and medium enterprises are being affected by business email compromise, according to a webinar conducted by the PHD Chamber of Commerce and Industry.


Business Email Compromise (BEC) is an attack in which the threat actor gains access to a corporate email account with ties to company funds, or convincingly spoofs such an account, and then attempts to defraud the company or its employees under the targeted employee's identity. The attackers manipulate the target into transferring money to a bank account they control.

In 2019, BEC scams accounted for losses of more than $1.77 billion, according to the FBI's Internet Crime Report. Businesses are being warned as BEC attempts surge during the pandemic; companies that rely primarily on wire transfers to pay international partners are the most common targets.

A compromised email environment can do significant damage to a company's interests, so safeguarding it is crucial: along with empowering employees, it protects business interests and longevity.

While giving insights on the subject, deputy commissioner of police (cyber) Anyesh Roy said, "The fraudsters compromise the email account of the person who deals with the company's accounts and financial transactions. They create an email account that is similar to either the company's or the client's account. They come in the middle and start interacting with both parties. They change the destination of financial transactions on some pretext, after which the money goes to the fraudsters' account."

"Whenever an instruction is received from the client about changing the destination bank account, it needs to be confirmed through alternate means, including a phone call, e-mail, and others."

"Cyber-crime is like any other crime and one can report it anywhere, at any police station or DCP office. The complaint can be registered through e-mail also. Cyber-crimes happen through a digital medium and the evidence can easily be destroyed, so the victim needs to capture it as a screenshot and give it to the police with their complaint," the officer added.

BEC Scams Cost American Companies Billions!


Business Email Compromise (BEC) scams have hit numerous US companies and caused losses running into billions of dollars, according to a warning from the Federal Bureau of Investigation.

Per sources, BECs are "sophisticated scams" targeting businesses that make electronic payments such as "wire transfers or automated clearing house transfers". Typically the scammer first gains access to a legitimate business email account through computer intrusion techniques.

Once access has been obtained, the scammer uses the email account to extract funds, for example by sending suppliers invoices with altered bank account details.

The target list consists mostly of organizations that use cloud-based email services, which the FBI says are easier to exploit for BEC scams.

According to the FBI, specially engineered "phish kits" that impersonate the cloud-based email services are used to harvest credentials for business accounts, which are then used to request or misdirect funds.

Sources mention that the Internet Crime Complaint Center (IC3) has received numerous complaints over the past years from companies reporting "actual losses" totalling billions of dollars as a result of BEC scams.

IC3 focused its attention on BEC scams after their numbers began to multiply rapidly across all US states.

The issue allegedly lies in the configuration of the cloud-based services, which can make it almost effortless for criminals to exploit a company's email accounts.

Most cloud-based services do ship with security features intended to block BEC attempts, but their effectiveness depends on users actually making use of them: many of these features are not on by default and must be enabled and configured manually.
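Two of the anti-spoofing controls an administrator has to publish and tune themselves are the domain's SPF and DMARC DNS records; a tenant with DMARC left at `p=none` (the usual default when the record is first created for reporting) still delivers mail that fails authentication. The checker below is an added example for this post, not from the FBI notice; it evaluates TXT records supplied as strings, so the `.example` records and the `_spf.mailhost.example` include are constructed and belong to no real domain.

```python
"""Check a domain's published SPF and DMARC records for spoofing exposure.

Added example for this post, not from the FBI notice it summarises. It works on TXT
records supplied as strings, so it runs offline; the records below are constructed
for illustration and belong to no real domain. Feed it the output of a real DNS
TXT lookup to audit your own tenant.
"""
import re

SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record):
    """Return {'all': qualifier, 'lookups': n} for an SPF record, or None if not SPF."""
    if not record:
        return None
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return None
    parsed = {"all": None, "lookups": 0}
    for term in terms[1:]:
        qualifier = "+"                          # SPF default qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:=/]", term, maxsplit=1)[0].lower()
        if name == "all":
            parsed["all"] = qualifier
        if name in SPF_LOOKUP_MECHANISMS:        # each of these costs a DNS query
            parsed["lookups"] += 1
    return parsed


def parse_dmarc(record):
    """Return the tag=value pairs of a DMARC record, or None if it is not DMARC."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def assess_domain(spf_record, dmarc_record):
    """List the ways a spoofed message using this domain could still reach an inbox."""
    findings = []
    spf = parse_spf(spf_record)
    if spf is None:
        findings.append("no valid SPF record: any host may claim to send for this domain")
    else:
        if spf["all"] in (None, "+", "?"):
            findings.append("SPF does not fail unknown senders (no 'all', '+all' or '?all')")
        elif spf["all"] == "~":
            findings.append("SPF ends in ~all (softfail): spoofed mail may be delivered "
                            "unless DMARC enforces")
        if spf["lookups"] > 10:
            findings.append(f"SPF needs {spf['lookups']} DNS lookups (RFC limit 10): "
                            "receivers return permerror and the record is ignored")
    dmarc = parse_dmarc(dmarc_record)
    if dmarc is None:
        findings.append("no valid DMARC record: SPF/DKIM failures are never enforced")
        return findings
    policy = dmarc.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC p=quarantine: spoofed mail is junked rather than rejected")
    pct = int(dmarc.get("pct", "100"))
    if pct < 100 and policy != "none":
        findings.append(f"DMARC pct={pct}: policy applied to only {pct}% of failing mail")
    if dmarc.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("DMARC sp=none: subdomains can be spoofed freely")
    if "rua" not in dmarc:
        findings.append("DMARC has no rua= address: no aggregate reports to spot abuse")
    return findings


def enforced(dmarc_record):
    """True when DMARC quarantines or rejects 100% of mail that fails alignment."""
    dmarc = parse_dmarc(dmarc_record)
    return (dmarc is not None
            and dmarc.get("p", "none").lower() in ("quarantine", "reject")
            and int(dmarc.get("pct", "100")) == 100)


# Constructed records for illustration (no real domain publishes these).
SAMPLE_RECORDS = {
    "weak.example": ("v=spf1 include:_spf.mailhost.example ?all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "strong.example": ("v=spf1 include:_spf.mailhost.example -all",
                       "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@strong.example"),
    "partial.example": ("v=spf1 a mx include:a.example include:b.example include:c.example "
                        "include:d.example include:e.example include:f.example "
                        "include:g.example include:h.example include:i.example ~all",
                        "v=DMARC1; p=quarantine; pct=50"),
    "nodmarc.example": (None, None),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLE_RECORDS.items():
        print(domain, "enforced" if enforced(dmarc) else "NOT enforced")
        for finding in assess_domain(spf, dmarc):
            print("   -", finding)
```

`strong.example` produces no findings; `weak.example` is flagged for the neutral `?all` and for `p=none`; `partial.example` shows the less obvious failure modes, an SPF record that exceeds the ten-lookup limit (so receivers treat it as a permanent error and ignore it) and a DMARC policy applied to only half of failing mail. DKIM signing and alignment are not checked here; the lookup count is a simple sum over the top-level record and does not recurse into the included records, which a full audit would.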

Per sources, what makes these scams dangerous is that any organization, big or small, and especially one with limited IT resources, is vulnerable.

Beyond controlling the email accounts, the scammers usually also retrieve the address books of the compromised accounts to build a list of further targets. A single bad apple can thus spoil the whole basket: one compromised organization can have ramifications for its entire industry.

Aeronautical agency’s email account hacked

The official email account of the Aeronautical Development Agency (ADA) was recently hacked and its data manipulated, allegedly by a private aerospace engineering company.

The attackers broke into the agency's TAN (Tax Deduction and Collection Account Number) login, changed the mobile number linked to the account, and made unauthorised online corrections to manipulate the tax returns of a private aerospace engineering company in Bengaluru.

Rangarajan S (58), a senior executive with the ADA, filed a complaint with the cybercrime police of the Criminal Investigation Department (CID) on June 4 seeking legal action against unknown hackers. Based on the complaint, the police registered a case under various sections of the Information Technology Act and are investigating.

In his complaint, Rangarajan said the hackers not only accessed details of financial transactions but also made changes to the TDS (tax deducted at source) records for 2017-18. The hackers also allegedly changed the password, email ID and mobile number, and updated the PAN details to those of the company they belonged to. Police said the fraud may have taken place between March and May this year and came to light only recently during verification of official accounts.

“On March 31, an amount of Re 1 has been remitted to ADA’s TAN number. Also, some unknown person has filed 27EQ return of 4th quarter FY 2018-19 offline on May 7 (possibly at TIN-FC centre). ADA’s TDS Reconciliation and Correction Enabling Systems user ID and login password have been accessed unauthorisedly on May 14.”

Confirming the breach, senior ADA officials said that although the account was compromised, there is no security concern. "This is not a serious issue as the account was in the open domain. No data pertaining to the agency has been compromised," an officer said.

The cybercrime police are trying to ascertain the motive behind the hacking.

European Cinema Chain Loses an Astonishing US$21.5 Million to a Business Email Compromise




The European cinema chain Pathé lost around 19 million euros (US$21.5 million) to a business email compromise (BEC) scam in March 2018. The attack ran for about a month and ultimately cost the company 10 percent of its total profit.

Rather than pitting a 'fake president' against the real CFO, the scammers forged messages from the French head office to the Dutch management.

It began with the following email:
"We are currently carrying out a financial transaction for the acquisition of a foreign corporation based in Dubai. The transaction must remain strictly confidential. No one else has to be made aware of it in order to give us an advantage over our competitors."

Although the CFO and CEO found the request odd, they went ahead anyway and transferred more than 800,000 euros. Further demands followed, including several while the CFO was on leave; both executives were dismissed shortly after head office became aware of the situation.

Although the two were not involved in the fraud, Pathé said they could and should have spotted the warning signs. The BEC attempt was devastatingly effective because the warnings were missed and no safety net was in place.

A business email compromise is typically a phishing attack with a layer of targeted social engineering on top; this particular scam is interesting because it took a somewhat unusual approach.

As business email compromise grows ever more popular among scammers, it is up to us to fight it, and it is increasingly essential for every organization to take BEC seriously. 

BEC is one of the most insidious threats around, so every business is advised to make protecting its finances a priority, whether it distributes films, IT services, or anything else.