Search This Blog

Showing posts with label Business Email Compromise. Show all posts

Massive BEC Phishing Ring Uncovered, 3 Nigerian Nationals Arrested

 

In the city of Lagos, three Nigerian nationals suspected of participation in an organized cybercrime group behind malware distribution, phishing attacks, and a massive business email compromise (BEC) ring responsible for scams globally, have been arrested under “Operation Falcon” carried out jointly by international police organization with Nigeria Police Force and Singapore-based cybersecurity firm Group-IB, according to the reports by Interpol. 
 
In a Business Email Compromise (BEC) attack, the threat actor hacks and spoofs email to impersonate an organization’s CEO, vendors, or senior executives to trick employees and customers by gaining their trust; which later is exploited as the attackers encourage actions relating to funds transfer to criminal’s account or transferring confidential data, in some cases. 
 
The cybercriminals behind the operations performed a number of their phishing campaigns in disguise; masked as product inquiries, Coronavirus aid, or purchasing orders. Stealing authentication data from emails, web browsers, and FTP clients from organizations based in the UK, the US, Japan, Nigeria, and Singapore, has been identified as the primary objective of these phishing attacks, as per Group IB. 
 
As the ongoing investigation continues to uncover other suspects and monetization means employed by the ring, around 50,000 targeted victims have been discovered, so far. Allegedly, the participants of the rings developed phishing links and domains before performing mass BEC campaigns wherein they sophisticatedly targeted corporations of all sizes. Reportedly, 26 different malware variants were being deployed by the criminals including remote access Trojans (RATs) and spyware. 
 
"They then used these campaigns to disseminate 26 malware programmes, spyware, and remote access tools, including AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans,’ the INTERPOL said. 
 
"This group was running a well-established criminal business model," Interpol's Cybercrime Director Craig Jones noted. "From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits." 
 
“These programs were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and siphoning funds,” as per an announcement by INTERPOL. “According to Group-IB, the prolific gang is believed to have compromised government and private-sector companies in more than 150 countries since 2017.”

Business Email Compromise: Most Common Online Scam?


More and more small and medium enterprises are being affected by business e-mail compromise, according to a webinar, conducted by the PHD Chamber of Commerce and Industry.


Business Email Compromise also known as BEC is a security exploit in which the threat actor obtains access to a corporate email account having links to company funds and then attempts to defraud the company or the employees by spoofing the targeted employee's identity. The attackers manipulate the target to transfer money into a bank account that belongs to them.

In the year 2019, BEC scams have amounted for losses of more than $1.77 billion, as per the FBI's Internet Crime Report. Businesses are being warned as BEC exploits surge due to the ongoing pandemic; companies that rely primarily on wire transfers to transfer money to international customers are the most common target of BEC.

An infected email network can cause a significant amount of damage to a company's interests, therefore safeguarding an enterprise is crucial – along with empowering employees, it will also shield business interests and longevity.

While giving insights on the subject matter, deputy commissioner of police (cyber) Anyesh Roy said, “The fraudsters do compromise with the email account of the person who is dealing with the company accounts and financial transactions. They create an email account that is similar to either company’s or client’s account. They come in the middle and start interacting with both the parties. They change the destination of financial transactions on some pretext, following which the money goes to the fraudsters’ account.”

“Whatever an instruction has been received from the client about changing the destination of banking account, it needs to be confirmed through alternate means, including phone call, e-mail, and other.”

“Cyber-crime is like any other crime and one can report it anywhere at any police station or DCP office. The complaint can be registered through e-mail also. Cyber-crimes are happening through digital medium and the evidences can easily be destroyed so the victim needs to capture it as a screenshot and give it to police with their complaint,” the officer added.

BEC Scams Cost American Companies Billions!


Business Email Compromise (BEC) scams have surfaced among several US companies and have caused them damage costing along the lines of Billions, mentions a warning of the Federal Bureau of Investigation.

Per sources, BECs are “sophisticated scams” aiming at businesses involving electronic payments encompassing “wire transfers or automated clearing house transfers”. Usually, these scams include a cyber-con penetrating a legitimate business email account via device intrusion procedures.

Once the access has been acquired, the cyber-con is free to deceitfully dive into the email account to obtain funds by sending emails to suppliers, loaded with invoices of modified bank account details.

The hit list mostly consists of organizations that employ cloud-based email services, which makes it easier to go for Business Email Compromise (BEC) scams.

Per FBI, specially engineered “phish kits” with the ability to impersonate the cloud-based email services are used to prompt these scams only to exploit the business accounts and request or mi-sallocate funds.

Sources mention that the Internet Crime Complaint Center (IC3) received numerous complaints over the past years about companies having experienced damages amounting to a couple of Billions in “actual losses” as a result of the BEC scams.

The IC3 focused their attention on the BEC scams right after their number began to multiply rapidly across all the states of America.

The issue allegedly stands in the configuration of the cloud-based services which makes it almost effortless for cyber-criminals to exploit the company’s email accounts.

Obviously most cloud-based services are laden with security measures that intend to block all the BEC attempts. But that depends on the ability of the users to make good use of them. The maximum of these features needs to be enabled and manually configured.

Per sources, what makes these scams dangerous is that any organization, big or small, with kerbed IT resources is vulnerable.

The cyber-cons in addition to having control over the email accounts, usually also retrieve the address books of the exploited accounts to have a list of potential targets. Hence, a single bad apple could affect the entire basket, meaning a single affected organization could have ramifications for the entire business industry.

Aeronautical agency’s email account hacked

The official email account of the Aeronautical Development Agency (ADA) was recently hacked and data manipulated, allegedly by a private aerospace engineering company.

The hackers breached into the TAN login and even changed a mobile number linked the certain account and unauthorised online corrections were made to manipulate tax returns of a private aerospace engineering company in Bengaluru.

Rangarajan S (58), a senior executive with the ADA, filed a complaint with the cybercrime police of the Criminal Investigation Department (CID) seeking legal action against unknown hackers on June 4. Based on the complaint, the police registered a case under various sections of the Information Technology Act and are probing.

In his complaint, Rangarajan said the hackers not only accessed details of financial transactions, but also made changes in the TDS for 2017-18. In addition to this, the hackers also allegedly changed the password, email ID and mobile IDs, and updated the PAN details of the company they belonged to. The police said the fraud might have occurred between March and May this year and come to light recently during the verification of official accounts.

“On March 31, an amount of Re 1 has been remitted to ADA’s TAN number. Also, some unknown person has filed 27EQ return of 4th quarter FY 2018-19 offline on May 7 (possibly at TIN-FC centre). ADA’s TDS Reconciliation and Correction Enabling Systems user ID and login password have been accessed unauthorisedly on May 14.”

Confirming the account’s hacking, senior ADA officials said that though there has been a breach in the account, there is no security concern. “This is not a serious issue as the account was in the open domain. No data pertaining to the agency has been compromised,” an officer said.

The cybercrime police are trying to ascertain the motive behind the hacking.

European Cinema Chain Loses an Astonishing US$21.5 Million to a Business Email Compromise




An European-based cinema chain Pathé lost an enormous fortune of around 19 million euros (US$21.5 million) to a business email compromise (BEC) scam in March 2018 by an attack, which kept running for about a month and ultimately costed the organization 10 percent of its aggregate profit.

The scammers here deserted setting the 'fake President' against the 'real CFO' for faking French head office missives to the Dutch management.

Beginning with the following mail:
“We are currently carrying out a financial transaction for the acquisition of foreign corporation based in Dubai. The transaction must remain strictly confidential. No one else has to be made aware of it in order to give us an advantage over our competitors.”

Even however the CFO and Chief considered it odd, they pushed on in any case and still sent more than 800,000 in Euros. At the point when more demands pursued, including a few while the CFO was on furlough—the two executives were fired not long after the head office took note of the situation.

In spite of the fact that they weren't associated with the fraud, Pathé said they could and should have seen the warnings. The business email compromise endeavor was devastatingly effective as they failed to take note of the warnings and there was no security net set up.

Typically a business email compromise is a sort of phishing attack, topped with a dash of 'targeted' social engineering however this specific BEC scam was very intriguing since it featured a somewhat extraordinary way to deal with the attack.

As the business email compromise keeps on developing in ubiquity among the scammers, and it's up to us to battle it. It is progressively essential for any and each organization to consider the BEC important. 

BECs being a standout amongst the most slippery dangers around it is advised for the all the clients to keep their funds operating at a profit as a need, regardless of the fact that whether they disseminate motion pictures, IT administrations, or anything else for the matter.