BEC Attacks have Stolen $1.8 Billion from Businesses

 

Business email compromise (BEC) attacks increased drastically in 2020, with more than $1.8 billion stolen from businesses in just one year. BEC attacks are carried out by hackers who impersonate someone inside a company or pose as a partner or vendor in order to defraud the company. 

The tactics of some of the most dangerous BEC attacks observed in the wild in 2020 were examined in a new report from Cisco's Talos Intelligence, which reminded the security community that smart users armed with a healthy skepticism of outside communications and the right questions to ask are the best line of defense, in addition to technology. 

According to the FBI, BEC attacks are getting more dangerous. It found a 136% increase in the number of reported successful BEC attacks around the world between December 2016 and May 2018. Between October 2013 and May 2018, Business Email Compromise is estimated to have cost businesses over $12 billion. Analysts predict that these attacks will become more frequent and that the financial costs connected with them will continue to rise.

The report stated, “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop.” It's tempting to get hung up on the high-profile data breaches of huge global corporations. The real money, however, is made via smaller BEC attacks, according to the report.

“Although a lot of attention gets paid to more destructive and aggressive threats like big-game hunting, it’s BEC that generates astronomical revenue without much of the law-enforcement attention these other groups have to contend with,” the report explained. “If anything, the likelihood of this has only increased in the pandemic, with people relying more and more on digital communication.”

According to Cisco Talos, gift card lures are by far the most popular in BEC assaults. Most of the time, these emails will appear to be from someone prominent within the organization and will come from a free provider like Gmail, Yahoo, or Outlook. The solicitations will frequently include a sad narrative of hardship and will attempt to persuade the victim to purchase an Amazon, Google Play, iTunes, PlayStation, or other common types of gift card. 

“The amount of and types of businesses that get targeted with these attacks is truly staggering, ranging from huge multinational corporations down to small mom-and-pop restaurants in U.S. cities,” Talos said. “We found examples of small restaurants that are being targeted by impersonating the owners since the information was available on their website.”

Microsoft Detected a BEC Campaign Targeted at More than 120 Organizations

 

Microsoft discovered a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations and used typo-squatted domains registered only days before the attacks began. Cybercriminals continue to target companies in order to deceive recipients into approving payments, transferring funds, or, in this case, buying gift cards. This kind of email attack is known as business email compromise (BEC), a dangerous type of phishing aimed at gaining access to sensitive business data or extorting money via email-based fraud.

In this operation, Microsoft discovered that attackers used typo-squatted domains to make emails appear to come from legitimate senders in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services industries.

BEC emails are purposefully crafted to look like regular emails, as if they were sent by someone the intended recipient already knows, but these campaigns are much more complicated than they seem. They require planning, staging, and behind-the-scenes activities.

"We observed patterns in using the correct domain name but an incorrect TLD, or slightly spelling the company name wrong. These domains were registered just days before this email campaign began," the Microsoft 365 Defender Threat Intelligence Team said. 

Despite the scammers' best efforts, Microsoft found that "the registered domains did not always comply with the company being impersonated in the email." The attackers' surveillance capabilities were evident in the way they addressed the targeted workers by their first names, even though their methodology was faulty at times.

To lend authenticity to the phishing emails, the scammers used common phishing tactics including fake replies (made more convincing by also spoofing the In-Reply-To and References headers), according to Microsoft.

 
"Filling these headers in made the email appear legitimate and that the attacker was simply replying to the existing email thread between the Yahoo and Outlook user," Microsoft added. "This characteristic sets this campaign apart from most BEC campaigns, where attackers simply include a real or specially crafted fake email, adding the sender, recipient, and subject, in the new email body, making it appear as though the new email was a reply to the previous email."
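The two traits Microsoft describes, a sender domain that imitates a known one and reply headers pointing at a thread the recipient never had, can both be checked at triage time. The following is an added example, not code from Microsoft or from this blog; the trusted-domain list, the index of known Message-IDs, the thresholds, and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example.com"}        # constructed: domains the org really deals with
SEEN_IDS = {"<a1@example.com>"}  # constructed: Message-IDs already in the mailbox

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain, trusted=TRUSTED):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in trusted:
        return None
    name, _, tld = domain.rpartition(".")  # simplification: last label is the TLD
    for good in sorted(trusted):
        gname, _, gtld = good.rpartition(".")
        if name == gname and tld != gtld:  # correct name, incorrect TLD
            return good
        if tld == gtld and 0 < edit_distance(name, gname) <= 2:  # slight misspelling
            return good
    return None

def triage(raw, seen_ids=SEEN_IDS):
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    target = lookalike(domain)
    if target:
        findings.append(f"lookalike-domain:{domain}~{target}")
    # A real reply cites at least one Message-ID the recipient has already seen.
    refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
    if refs and not any(r in seen_ids for r in refs):
        findings.append("reply-to-unknown-thread")
    return findings

# Constructed sample messages.
FAKE_REPLY = ("From: Pat <pat@example.net>\nSubject: Re: gift cards\n"
              "In-Reply-To: <zz9@mail.invalid>\nReferences: <zz9@mail.invalid>\n\nhi")
REAL_REPLY = ("From: Pat <pat@example.com>\nSubject: Re: invoice\n"
              "In-Reply-To: <a1@example.com>\n\nhi")

if __name__ == "__main__":
    print(triage(FAKE_REPLY), triage(REAL_REPLY), lookalike("exampel.com"))
```

Domain registration age, which the report also highlights, needs an external WHOIS or passive-DNS lookup and is left out so the example runs offline.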

Though the tactics used by these BEC scammers seem crude, and their phishing messages seem clearly malicious, BEC attacks have resulted in record-breaking financial losses per year since 2018. The FBI formed a Recovery Asset Team in 2018 to retrieve money that can still be traced and to freeze accounts used by fraudsters for illegal BEC transactions.

BEC Scammer Infects own Device, Exposes their Activity

 

In some media depictions, criminal and state-backed hackers are constantly portrayed as cunning and sophisticated, gliding inexorably toward their latest information heist. These digital operatives are, of course, human and prone to mistakes that expose their activity. A North Korean man accused of hacking Sony Pictures Entertainment in 2014, for instance, mixed his real identity with his alias when registering online accounts, making it simpler for U.S. investigators to track him.

The latest illustration of such a blunder happened when a scammer infected their own device, offering researchers a front-row seat to the attacker’s scheme and lessons in how to defend against it. “This is a big failure in their operational security as it gives us direct insight into some of the attacker’s tactics and operation,” said Luke Leal, a researcher at Web security firm Sucuri, which made the discovery.

The attacker was attempting to carry out a business email compromise (BEC), a scheme that uses spoofed emails to trick individuals into sending criminals money. BEC scams are so common that they accounted for $1.7 billion in losses reported to the FBI in 2019, or half of all cybercrime losses reported to the bureau. To carry out the scam, the scammer needed more details on equipment used at an unnamed oil company in order to make malicious emails to the company's workers more believable, Leal wrote in a blog post. That meant planting malicious code on devices used at the company to monitor communications.

At the same time, however, the attacker apparently neglected to remove the malicious code they had put on their own device, perhaps for testing purposes, giving Leal's team a window into the attacker’s machinations and frustrations. Because it was infected with the malware, the device was sending screenshots back to the control panel the attacker was using in the scam. The researchers saw emails the attacker sent to targeted employees and how they spread payment demands over several invoices to make the scam more believable. A similar incident took place in 2016, when a couple of security researchers uncovered a Nigerian scam operation that, they said, ran a new kind of attack called “wire-wire”; this came after a couple of its members unintentionally infected themselves with their own malware.

Business Email Compromise: Most Common Online Scam?


More and more small and medium enterprises are being affected by business email compromise, according to a webinar conducted by the PHD Chamber of Commerce and Industry.


Business Email Compromise, also known as BEC, is a security exploit in which the threat actor obtains access to a corporate email account that has links to company funds and then attempts to defraud the company or its employees by spoofing the targeted employee's identity. The attackers manipulate the target into transferring money into a bank account that belongs to them.

In 2019, BEC scams accounted for losses of more than $1.77 billion, as per the FBI's Internet Crime Report. Businesses are being warned as BEC exploits surge due to the ongoing pandemic; companies that rely primarily on wire transfers to send money to international customers are the most common target of BEC.

A compromised email network can cause significant damage to a company's interests, so safeguarding the enterprise is crucial. Along with empowering employees, it also protects business interests and longevity.

While giving insights on the subject matter, deputy commissioner of police (cyber) Anyesh Roy said, “The fraudsters do compromise with the email account of the person who is dealing with the company accounts and financial transactions. They create an email account that is similar to either company’s or client’s account. They come in the middle and start interacting with both the parties. They change the destination of financial transactions on some pretext, following which the money goes to the fraudsters’ account.”

“Whatever an instruction has been received from the client about changing the destination of banking account, it needs to be confirmed through alternate means, including phone call, e-mail, and other.”

“Cyber-crime is like any other crime and one can report it anywhere at any police station or DCP office. The complaint can be registered through e-mail also. Cyber-crimes are happening through digital medium and the evidences can easily be destroyed so the victim needs to capture it as a screenshot and give it to police with their complaint,” the officer added.

BEC Scams Increase Year over Year; Reach Monthly Average of More Than $300 Million



Business email compromise (BEC) scams have been on a steady rise year over year and, as per the suspicious activity reports (SARs) received monthly since 2016, the total has now reached a monthly average of more than $300 million.

After compiling statistics on BEC incidents from recent years, the Financial Crimes Enforcement Network (FinCEN) identified the most common types of targets, along with the destinations intended for the stolen funds and the methods used by the scammers.

Companies are said to have lost around $1.2 billion to this kind of cybercriminal activity, whose aim is to obtain funds by posing as a customer or as upper management in a company so as to fool key individuals within the organization into wiring funds to an 'attacker-controlled bank account'.

Commercial entities offering proficient services like landscaping, retail, restaurants, and lodging turned out to be increasingly alluring targets, with 18% of the attacks being aimed at them.

FinCEN's analysis describes the broader picture of BEC scams

In contrast to financial organizations, which fell in the rankings from 16% to 9%, real estate firms ended up being all the more enticing, representing 16% of the BEC scam victim pie.

The attackers, however, do not stick to just one method; they have various strategies for achieving their goal. From impersonating company CEOs to impersonating customers and vendors, all the while using fake invoices, they have done it all.

Users are therefore advised to watch for malware and spyware, as the attackers rely heavily on malware designed to steal the information needed to execute the attack, and on spyware to steal the information needed to break into email accounts.

Nigerian BEC Fraudsters Resorting to RATs as the Tool to Amplify Attacks



The number of Business Email Compromise (BEC) frauds has risen at an alarming rate; hackers have resorted to Remote Access Trojans (RATs) to amplify their attacks.

The FBI’s Internet Crime Complaint Center (IC3) attempted to reduce the damage done by these attacks by forming a Recovery Asset Team, which deals with the consequences of BEC scams. However, the number of scammers involved in these kinds of attacks is significantly higher than ever before.

The attacks, which have seen an unprecedented upsurge, are regarded as a global threat, and they are practiced extensively in Nigeria; in the African country, making money via BEC scams has become the norm. After examining cybercrime in Nigeria, Palo Alto Networks' Unit 42 recorded the country’s evolution toward employing ransomware and malware to attain financial objectives.

In 2018, the number of groups involved in BEC scams reached up to 400, a hundred more than the previous year, and their activity grew by 54% in comparison to 2017.

With a monthly average of 28,227 attacks, the most affected sector was High-tech which recorded over 120,000 attacks in the previous year and the second most targeted was the wholesale industry which was subjected to around 80,000 attacks. Lastly, the third most affected sector was manufacturing, which fell prey to a total of 57,000 attacks.

Monitoring the attacks, Verizon says in a report, “Given the sheer number of incidents in this sector, you would think that the government incident responders must either be cape and tights wearing superheroes, or so stressed they’re barely hanging on by their fingernails.”

“Admittedly we do not have as much data as to what is happening beyond the deception and initial device compromise. The inclusion of keylogging malware is a good indicator that additional credential theft and reuse is a likely next step.”