Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Business Email Compromise. Show all posts
phishing
AI threats Business Email Compromise Cyber Attacks email security Hacking phishing

Phishing Attacks Surge by 30% in Australia Amid Growing Cyber Threats

 

kAustralia witnessed a sharp 30% rise in phishing emails last year, as cybercriminals increasingly targeted the Asia-Pacific (APAC) region, according to a recent study by security firm Abnormal Security. The APAC region’s expanding presence in critical industries, such as data centers and telecommunications, has made it a prime target for cyber threats.

Across APAC, credential phishing attacks surged by 30.5% between 2023 and 2024, with New Zealand experiencing a 30% rise. Japan and Singapore faced even greater increases at 37%. Among all advanced email-based threats—including business email compromise (BEC) and malware attacks—phishing saw the most significant spike.

“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance, and defence,” said Tim Bentley, Vice President of APJ at Abnormal Security.

“This makes organisations in the region attractive targets for complex email campaigns designed to exploit economic dynamics, disrupt essential industries, and steal sensitive data.”

Between 2023 and 2024, advanced email attacks across APAC—including Australia, New Zealand, Japan, and Singapore—rose by 26.9% on a median monthly basis. The increase was particularly notable between Q1 and Q2 of 2024 (16%) and further escalated from Q2 to Q3 (20%).

While phishing remains the primary attack method, BEC scams—including executive impersonation and payment fraud—grew by 6% year-over-year. A single successful BEC attack cost an average of USD $137,000 in 2023, according to Abnormal Security.

Australia has long been a key target for cybercriminals. A 2023 Rubrik survey revealed that Australian organizations faced the highest data breach rates globally.

Antoine Le Tard, Vice President for Asia-Pacific and Japan at Rubrik, previously noted that Australia’s status as an early adopter of cloud and enterprise security solutions may have led to rapid deployment at the expense of robust cybersecurity measures.

The Australian Signals Directorate reported that only 15% of government agencies met the minimum cybersecurity standards in 2024, a steep drop from 25% in 2023. The reluctance to adopt passkey authentication methods further reflects the cybersecurity maturity challenges in the public sector.

The widespread accessibility of AI chatbots has altered the cybersecurity landscape, making phishing attacks more sophisticated. Even jailbroken AI models enable cybercriminals to create phishing content effortlessly, reducing technical barriers for attackers.

AI-driven cyber threats are on the rise, with AI-powered chatbots listed among the top security risks for 2025. According to Vipre, BEC attacks in Q2 2024 increased by 20% year-over-year, with two-fifths of these scams generated using AI tools.

In June, HP intercepted a malware-laden email campaign featuring a script that was “highly likely” created using generative AI. Cybercriminals are also leveraging AI chatbots to establish trust with victims before launching scams—mirroring how businesses use AI for customer engagement.
Read more »
VIPRE
Business Email Compromise Cyber crimes Cybersecurity trending news VIPRE

Business Email Compromise Soars in Q3 2024 as Cybercriminals Refine Tactics: VIPRE Report

 

Global cybersecurity provider VIPRE Security Group has published its Q3 2024 Email Threat Trends Report, revealing an alarming rise in business email compromise (BEC) and highlighting the evolving techniques cyber criminals are using to deceive employees and breach corporate security. According to VIPRE’s analysis of 1.8 billion global emails, 208 million were flagged as malicious, with BEC scams making up 58% of phishing attempts. 

VIPRE noted that 89% of these attacks used impersonation, often of senior executives or IT personnel, in an attempt to exploit employees’ trust in authority figures. The manufacturing sector experienced a notable 8% spike in BEC attacks this quarter, increasing from 2% in Q1 to 10% in Q3. 

The report attributes this surge partly to the industry’s extensive use of mobile devices for remote sign-ins, which can leave employees more vulnerable to attacks. Email threats during the quarter were predominantly scams (34%), commercial spam (30%), and phishing (20%), overshadowing ransomware and malware, which together made up less than 20% of email-based attacks. 

Despite their lower prevalence, ransomware and malware remain a significant concern in the cybersecurity industry. To evade detection by modern security measures, cybercriminals have started disguising malicious attachments as voicemails or essential security updates. Microsoft PDF and .DOCX files were the most common formats, with 2.18 million emails containing harmful attachments, representing a 30% rise from Q2’s 21%. In Q3, URL redirection became a popular technique among attackers, representing 52% of email-based scams. 

Cybercriminals used clean URLs within emails to bypass security checks, redirecting recipients to meticulously crafted fraudulent websites. VIPRE also observed a shift in malspam tactics, with attackers favouring attachments (64%) over malicious links (36%). Formats such as LNK, ZIP, and DOCX were common in these campaigns. 

Redline, a notorious malware family, remained the most prevalent, designed to steal sensitive data from web browsers. Usman Choudhary, VIPRE’s CPTO, emphasized the need for robust cybersecurity measures, especially as the holiday season approaches. “BEC email and phishing attacks are becoming more targeted and convincing,” he said, highlighting the urgency of employee education to counter these threats.
Read more »
Spear Phishing
AI threats Business Email Compromise CISOs Cyber Security Email Safety Generative AI Impersonation online threats Security Policies Spear Phishing

Adapting Cybersecurity Policies to Combat AI-Driven Threats

 

Over the last few years, the landscape of cyber threats has significantly evolved. The once-common traditional phishing emails, marked by obvious language errors, clear malicious intent, and unbelievable narratives, have seen a decline. Modern email security systems can easily detect these rudimentary attacks, and recipients have grown savvy enough to recognize and ignore them. Consequently, this basic form of phishing is quickly becoming obsolete. 

However, as traditional phishing diminishes, a more sophisticated and troubling threat has emerged. Cybercriminals are now leveraging advanced generative AI (GenAI) tools to execute complex social engineering attacks. These include spear-phishing, VIP impersonation, and business email compromise (BEC). In light of these developments, Chief Information Security Officers (CISOs) must adapt their cybersecurity strategies and implement new, robust policies to address these advanced threats. One critical measure is implementing segregation of duties (SoD) in handling sensitive data and assets. 

For example, any changes to bank account information for invoices or payroll should require approval from multiple individuals. This multi-step verification process ensures that even if one employee falls victim to a social engineering attack, others can intercept and prevent fraudulent actions. Regular and comprehensive security training is also crucial. Employees, especially those handling sensitive information and executives who are prime targets for BEC, should undergo continuous security education. 

This training should include live sessions, security awareness videos, and phishing simulations based on real-world scenarios. By investing in such training, employees can become the first line of defense against sophisticated cyber threats. Additionally, gamifying the training process—such as rewarding employees for reporting phishing attempts—can boost engagement and effectiveness. Encouraging a culture of reporting suspicious emails is another essential policy. 

Employees should be urged to report all potentially malicious emails rather than simply deleting or ignoring them. This practice allows the Security Operations Center (SOC) team to stay informed about ongoing threats and enhances organizational security awareness. Clear policies should emphasize that it's better to report false positives than to overlook potential threats, fostering a vigilant and cautious organizational culture. To mitigate social engineering risks, organizations should restrict access to sensitive information on a need-to-know basis. 

Simple policy changes, like keeping company names private in public job listings, can significantly reduce the risk of social engineering attacks. Limiting the availability of organizational details helps prevent cybercriminals from gathering the information needed to craft convincing attacks. Given the rapid advancements in generative AI, it's imperative for organizations to adopt adaptive security systems. Shifting from static to dynamic security measures, supported by AI-enabled defensive tools, ensures that security capabilities remain effective against evolving threats. 

This proactive approach helps organizations stay ahead of the latest attack vectors. The rise of generative AI has fundamentally changed the field of cybersecurity. In a short time, these technologies have reshaped the threat landscape, making it essential for CISOs to continuously update their strategies. Effective, current policies are vital for maintaining a strong security posture. 

This serves as a starting point for CISOs to refine and enhance their cybersecurity policies, ensuring they are prepared for the challenges posed by AI-driven threats. In this ever-changing environment, staying ahead of cybercriminals requires constant vigilance and adaptation.
Read more »
Scammers
BEC Attacks Business Email Compromise Cyber Crime Phishing Campaigns Psychological Tricks Scammers

Psychological Tactics Used by Cybercriminals to Conduct Malicious Activities


Recently, the emergence of finance and accounting related cyberattacks via phishing campaigns and Business Email Compromise (BEC) attack has been a hot topic for South African companies having gaps in their payment systems. 

BEC attack is a type of cybercrime wherein the threat actor poses as a trusted figure in order to dupe the victims to give off money or entice them into exposing confidential company information. 

However, according to Ryan Mer, CEO of eftsure Africa, a KYP platform provider, “robust financial controls together with strong server, IT, and email monitoring processes aren’t enough if staff aren’t savvy to the psychological tricks scammers use to manipulate people, making them more vulnerable to tricker and deception.” 

Mer rejects the idea that hackers target solely credulous, unskilled professionals. “The misconception that only foolish individuals fall victim to cybercrime and payment fraud is dangerous because it leads to complacency in the highly educated who occupy senior positions within organizations. Criminals engaging in payment are often well-skilled, well-resourced and armed with enough industry knowledge to appear legitimate.” 

Manipulating Trust and Competence 

Human tendencies to be cooperative, avoid conflict, and find quick and efficient solutions to problems are used as a bait by threat actor to obtain information or persuade their victims to take certain actions. 

A popular tactic is to pretend to be someone they know or trust in order to gain the trust of a potential victim. Examples include a worker receiving a letter from the financial director of a company telling them to make a quick payment to a vendor or an HR manager receiving a polite email from a worker asking that their bank information be altered for payroll purposes. 

Banking on Urgency 

While scammers are becoming more creative, a tried-and-true strategy that hackers frequently use is making their victims feel as though they need to act quickly. According to Mer, phishing emails and business email compromise scams are made to increase employees' likelihood of complying with potential threats they are supposed to notify. 

“Scammers lure victims into acting quickly before they have time to think rationally about the activities they’re undertaking. Implementing processes that require staff to slow down and double-check any actions that involve payments is vital,” he says. 

A new point of contact, a change in email address, or a change in banking information are examples of abrupt changes in customer or supplier business procedures that, he continues, should be viewed with care and thoroughly investigated before agreeing with an urgent request. 

Additional Automated Protection 

The continuous evolution in Cybercrime is making it a moving target. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. This crime costs the nation a staggering 2.2 billion yearly. 

“Ongoing education on the latest scams and the tactics used to execute them is crucial for South African companies. In addition, independent third-party verification systems like eftsure can offer a much-need extra layer of protection by automating payment checking and supplier verification, saving time on manual processes and reducing human error,” notes Mer.  

Read more »
Midnight Hedgehog
BEC Attacks Business Email Compromise Cyber Attacks Email Frauds Google Google Translate Mandarin Capybara Midnight Hedgehog

BEC Attacks: Google Translate Utilized to Scam Organizations in Any Language


Business Email Compromise (BEC) gangs are carrying out payment fraud scams in a more effective manner by utilizing translation tools and machine learning platforms, successfully dispensing fraudulent emails in multiple languages. 

What are Business Email Compromise Groups? 

BEC attacks entail posing as a senior executive or business partner and convincing a corporate target to wire large quantities of cash to a bank account under the attacker's control. 

Successfully launching the international variant of this cyberattack generally requires a lot of time and effort. The target must be sufficiently researched to make phishing lures plausible. Moreover, native speakers must be hired to translate frauds into other languages. Yet this is all changing as threat actors use free online technologies that reduce some of the need for manual work. 

Midnight Hedgehog and Mandarin Capybara are two BEC groups that best represent the trend, according to a research from Abnormal Security published this week. Both use Google Translate, which enables threat actors to quickly create convincing phishing lures in practically any language. 

Moreover, researchers in the study also cautioned that tools such as commercial business marketing services are aiding the success of less-resourced and less-sophisticated BEC attacks. They are mostly used by sales and marketing teams to find "leads," making it simple to locate the best targets regardless of their region. 

The fact that BEC attacks are already lucrative, causing $2.4 billion in damages in 2021 alone, according to the FBI's Crime Report, and the number of BEC attacks is constantly increasing, is bad news for defenders. Volumes are now likely to increase as some of the cost associated with performing them has been eliminated. 

BEC Groups Scale Fast with Translation, Marketing Tools 

Crane Hassold, director of threat intelligence of Abnormal Security in a report noted that Midnight Hedgehog has been since January 2021 and specialises in impersonating CEOs. 

Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish are among the 11 languages that the company has so far identified in two significant phishing emails from the organization. The emails are lacking the simple mistakes that consumers are conditioned to look out for and regard as suspicious thanks to Google Translate's effectiveness. 

"We've taught our users to look for spelling mistakes and grammatical errors to better identify when they may have received an attack[…]When these are not present, there are fewer alarm bells to alert native speakers that something isn't right," the report said. 

Apparently, Midnight Hedgehog has requested payments ranging from $17,000 to $45,000. 

Mandarin Capybara, the second BEC threat organization mentioned in the report, sends emails posing as communications from business executives but with a twist: Paychecks are transferred to a controlled account via direct deposit by contacting payroll. 

Abnormal Security has noted that Mandarin Capybara targets businesses all over the world with phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. However, unlike Midnight Hedgehog, which the report claimed sticks to non-English-speaking victims in Europe, Mandarin Capybara also targets businesses outside of Europe with phishing emails aimed at English speakers in the US and Australia. 

In some instances, they utilized the same tactics of fraudulent email accounts to distribute emails in multiple languages.

The reason why BEC campaigns are still in trend among threat actors is simply how they operate, where their victims receive these messages, deeming them legitimate, and act upon instructions they think are coming from their ‘boss,’ especially when the emails are written with correct grammar and spelling and the sender's signature style. 

"As email marketing and translation tools become more accurate, effective, and accessible, we'll likely continue to see hackers exploiting them to scam companies with increasing success," said Hassold. 

It is that organizations put procedures in place to make sure that large financial transactions are not approved by only one person and that people should be trained to be on the lookout for payment fraud attacks in addition to deploying appropriate cybersecurity tools to help catch BEC attacks. 

"It's important that organizations use email defenses that look for threats in a more holistic matter to be able to prevent more sophisticated BEC attacks. Defenses that simply rely on static or 'known bad' indicators will have a hard time detecting these attacks, which is why tools that leverage behavioral analytics are better equipped to spot more advanced BEC threats," concludes Hassold.    

Read more »
User Security
Business Email Compromise Data Breach Phishing Attack User Data User Security

West Virginia Hospitals Suffered a Data Breach Resulting from a Phishing Attack

 

A data breach occurred at a West Virginia hospital system as a result of a phishing assault, which provided hackers access to multiple email accounts. From May 10 to August 15, hackers gained access to various email accounts at Monongalia Health System, which operates Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company. These accounts held sensitive data from patients, providers, employees, and contractors. 

Mon Health completed its investigation into an email phishing incident that may have resulted in unauthorized access to emails and attachments in numerous Mon Health email accounts on October 29, 2021. Mon Health initially became aware of the situation on July 28, 2021, when a vendor reported not getting payment from Mon Health. In response, Mon Health initiated an investigation, which revealed that unauthorized individuals got access to a Mon Health contractor's email account and sent emails from the account in an attempt to collect funds from Mon Health via fraudulent wire transfers.

When Mon Health learned of this, it secured the contractor's email account and reset the password, alerted law authorities, and hired a third-party forensic firm to assist the investigation. The inquiry also revealed that the problem was limited to Mon Health's email system and did not touch the organization's electronic health records systems. There was also no evidence that any of Mon Health's other connected hospitals or healthcare facilities, including Mon Health Preston Memorial Hospital and Mon Health Marion Neighbourhood Hospital, were involved in or impacted by the incident. Importantly, the incident had no effect on Mon Health's services or operations or those of any of its connected hospitals or healthcare facilities. 

Patients who have been affected by the breach have been notified personally, and an assistance centre has been established to answer inquiries. Mon Health also stated that it is analyzing and improving its security processes and practices, including the implementation of multifactor authentication for remote access to its email system. 

“Business email compromise continues to be the silent killer for organizations and data breaches within various industries, including healthcare,” said James McQuiggan, security awareness advocate at security awareness training firm KnowBe4 Inc. “Utilizing a careful cynicism or a ‘trust and verify’ mindset, organizations can implement technology solutions and user processes to prevent these successful and effective attacks."

McQuiggan highlighted that, from a technological standpoint, implementing domain and sender email address verification is a straightforward patch to authenticate domains and emails and lessen the possibility of an attack by a "doppelganger domain."
Read more »
Zero-day Flaw
Business Email Compromise User Secuirty Vulnerabilities and Exploits Zero-day Flaw

Cybercriminals are Exploiting Zero-day Vulnerabilities at a Record Pace

 

The HP Wolf Security threat research team has discovered evidence that threat actors are mobilizing quickly to weaponize new zero-day vulnerabilities. 

According to HP Wolf Security Threat Insights Report, the attackers are abusing specific problems like CVE-2021-40444 -- the remote code execution flaw that enables exploitation of the MSHTML browser engine through Microsoft Office documents. The vulnerability was first identified by HP on September 8, a week before Microsoft released the patch.

By September 10, the HP threat research team detected scripts designed to automate the creation of this exploit being published it on GitHub. The exploit gives attackers a startlingly easy entry point into systems, deploying malware through an Office document that only needs very little user interaction.

The security researchers compile the report by examining the millions of endpoints running HP Wolf Security. The report shows that 12% of isolated email malware evaded at least one gateway scanner while 89% of malware spotted was delivered via email. Also, the web downloads were responsible for 11%, and other vectors like removable storage devices for less than 1%. 

The average time for a company to apply, test, and fully deploy patches with the proper checks is 97 days, giving threat actors an opportunity to exploit this 'window of vulnerability', explained Alex Holland, the senior malware analyst with the HP Wolf Security threat research team. 

"While only highly capable hackers could exploit this vulnerability at first, automated scripts have lowered the bar for entry, making this type of attack accessible to less¬ knowledgeable and resourced threat actors. This increases the risk to businesses substantially, as zero-day exploits are commoditized and made available to the mass market in venues like underground forums," Holland said. 

"Such novel exploits tend to be effective at evading detection tools because signatures may be imperfect and become obsolete quickly as the understanding of the scope of an exploit change. We expect threat actors to adopt CVE-2021-40444 as part of their arsenals, and potentially even replace common exploits used to gain initial access to systems today, such as those exploiting Equation Editor."

Unfortunately, some major platforms like OneDrive are allowing attackers to conduct 'flash in the pan' attacks. Although malware hosted on such platforms is generally taken down quickly, this does not deter attackers because they can often secure their goal of deploying malware in the few hours the links are live, Holland explained.

"Some threat actors are changing the script or file type they are using every few months. Malicious JavaScript and HTA files are nothing new, but they are still landing in employee inboxes, putting the enterprise at risk. One campaign deployed Vengeance Justice Worm, which can spread to other systems and USB drives," Holland added. 

Additionally, the researchers discovered threat actors exploiting Cloud and web providers to install malware as well as multiple malware families being hosted on Discord and other gaming social media platforms. 

With cyber-assaults increasing with each passing day, Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc. believes that companies can’t keep relying on detection alone. He believes the threat landscape is too dynamic and, as highlighted in the analysis of threats captured, attackers are increasingly evolving to bypass any detection tool.

"Organizations must take a layered approach to endpoint security, following zero trust principles to contain and isolate the most common attack vectors like email, browsers, and downloads. This will eliminate the attack surface for whole classes of threats while giving organizations the breathing room needed to coordinate patch cycles securely without disrupting services," Pratt said.
Read more »
RATs
BEC Attacks Business Email Compromise Cyber Crime Nigerian Scammers Phishing Attacks RATs

Nigerian Scammers Specializing in BEC Attacks Continue to Mature

 

Cybersecurity researchers at Palo Alto Networks Unit 42 have actively tracked the evolution of SilverTerrier Nigerian Business Email Compromise (BEC) threat actors. 

From 2014 to the present, researchers have uncovered over 170,700 samples of malware directly linked to Nigerian BEC actors. These samples have been noticed in over 2.26 million phishing attacks targeting users across all industries worldwide.

Evolution of Nigerian threat actors 

Business email compromise (BEC) attacks are one of the most financially damaging cybercrimes and have been on the rise over the past seven years. The Nigerian threat actors dubbed SilverTerrier, have contributed greatly to this growth. These threat actors are responsible for collectively producing more than 170,700 samples of malware directly linked to 2.26 million attacks, according to Palo Alto Network findings. 

SilverTerrier specializes in business email compromise attacks, the kind of email fraud in which scammers impersonate a target’s coworker or friend, then ask for wire transfers. The focus on Nigerian threat actors provides insight into one of the world’s largest subcultures given Nigeria’s historic ranking as a top-five hotspot for cybercrime. 

When first discovered in 2014, SilverTerrier included only a few individuals experimenting with commodity malware. Presently, it has 540 individual threat actors performing attacks worldwide.

Researchers at Palo Alto Networks have traced one such individual named, Onuegwu Ifeany, who studied computer science at Imo State University and launched Ifemonums-Solution LTD as a legitimate business venture in late 2014. That same year, he began his criminal activities, and from 2014 until his arrest, he registered over 150 malicious domains for personal use and to support other actors. Many of these domains also served as command-and-control infrastructure for over 2,200 samples of malware, including Pony, LokiBot, PredatorPain, ISRStealer, ISpySoftware, Remcos, and NanoCore.

Over the past seven years, researchers have also discovered over 10 different commodity information stealer families employed by SilverTerrier actors, with more effective tools being adopted over older ones. Since 2014, the threat actors have employed 13 RAT families, with LuminosityLink, NJRat, Quasar, and WarZone dropping in popularity over time, but Netwire, DarkComet, NanoCore, Remcos, ImminentMonitor, Adwind, Hworm, Revenge, and WSHRat are still actively used. 

How to protect yourself against BEC attacks? 

According to GreatHorn report, nearly 50% of all BEC attacks result from the spoofing of an individual’s identity in the display name. Among those spear phishing emails, cybercriminals are also using company names (68%), names of individual targets (66%), and the name of boss/managers (53%) to conduct their attacks. By following the steps given below you can mitigate the risks: - 

  • Avoid free web-based e-mail accounts 
  • Enable multi-factor authentication for business email accounts
  • Don’t open any email from unknown parties
  • Secure your domain 
  • Double-check the sender’s email address
  • “Forward,” don’t “reply” to business emails 
  • Know your customers and vendor’s habit 
  • Always verify before sending money or data
Read more »
Subscribe to: Posts (Atom)