What are Business Email Compromise Groups?
BEC attacks entail posing as a senior executive or business partner and convincing a corporate target to wire large quantities of cash to a bank account under the attacker's control.
Successfully launching the international variant of this cyberattack generally requires a lot of time and effort. The target must be sufficiently researched to make phishing lures plausible. Moreover, native speakers must be hired to translate frauds into other languages. Yet this is all changing as threat actors use free online technologies that reduce some of the need for manual work.
Midnight Hedgehog and Mandarin Capybara are two BEC groups that best represent the trend, according to a research from Abnormal Security published this week. Both use Google Translate, which enables threat actors to quickly create convincing phishing lures in practically any language.
Moreover, researchers in the study also cautioned that tools such as commercial business marketing services are aiding the success of less-resourced and less-sophisticated BEC attacks. They are mostly used by sales and marketing teams to find "leads," making it simple to locate the best targets regardless of their region.
The fact that BEC attacks are already lucrative, causing $2.4 billion in damages in 2021 alone, according to the FBI's Crime Report, and the number of BEC attacks is constantly increasing, is bad news for defenders. Volumes are now likely to increase as some of the cost associated with performing them has been eliminated.
BEC Groups Scale Fast with Translation, Marketing Tools
Crane Hassold, director of threat intelligence of Abnormal Security in a report noted that Midnight Hedgehog has been since January 2021 and specialises in impersonating CEOs.
Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish are among the 11 languages that the company has so far identified in two significant phishing emails from the organization. The emails are lacking the simple mistakes that consumers are conditioned to look out for and regard as suspicious thanks to Google Translate's effectiveness.
"We've taught our users to look for spelling mistakes and grammatical errors to better identify when they may have received an attack[…]When these are not present, there are fewer alarm bells to alert native speakers that something isn't right," the report said.
Apparently, Midnight Hedgehog has requested payments ranging from $17,000 to $45,000.
Mandarin Capybara, the second BEC threat organization mentioned in the report, sends emails posing as communications from business executives but with a twist: Paychecks are transferred to a controlled account via direct deposit by contacting payroll.
Abnormal Security has noted that Mandarin Capybara targets businesses all over the world with phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. However, unlike Midnight Hedgehog, which the report claimed sticks to non-English-speaking victims in Europe, Mandarin Capybara also targets businesses outside of Europe with phishing emails aimed at English speakers in the US and Australia.
In some instances, they utilized the same tactics of fraudulent email accounts to distribute emails in multiple languages.
The reason why BEC campaigns are still in trend among threat actors is simply how they operate, where their victims receive these messages, deeming them legitimate, and act upon instructions they think are coming from their ‘boss,’ especially when the emails are written with correct grammar and spelling and the sender's signature style.
"As email marketing and translation tools become more accurate, effective, and accessible, we'll likely continue to see hackers exploiting them to scam companies with increasing success," said Hassold.
It is that organizations put procedures in place to make sure that large financial transactions are not approved by only one person and that people should be trained to be on the lookout for payment fraud attacks in addition to deploying appropriate cybersecurity tools to help catch BEC attacks.
"It's important that organizations use email defenses that look for threats in a more holistic matter to be able to prevent more sophisticated BEC attacks. Defenses that simply rely on static or 'known bad' indicators will have a hard time detecting these attacks, which is why tools that leverage behavioral analytics are better equipped to spot more advanced BEC threats," concludes Hassold.