A new hacking-phishing team, targeting large Companies worldwide, was recently discovered. The BEC (Business email compromise) scams can be extremely lucrative for criminals. The victims can lose hundreds of millions of dollars a month if they are deceived and send money to accounts belonging to Criminals.
The hacking team was discovered and analyzed by the security company Agari. The researchers named it Cosmic Lynx. Phishing campaign has targeted people in 46 countries, on six continents. The team studies target organizations and their executives well and sends phishing emails for current issues such as COVID-19.
Researchers say the infrastructure behind the phishing business is linked to the campaigns Trickbot and Emotet, however, several changes have been made.
It is important that a criminal group turns to BEC attacks. This means that more and more hackers are realizing that they are worth investing in attacks because they can be more profitable than others, which are also based on emails.
“Unlike traditional BEC teams, Cosmic Lynx can develop much more complex and creative attacks which sets them apart from other more general BEC attacks we see every day, ”said Crane Hassold, director of research at Agari.
In most cases, the individuals targeted hacking team, it is high-ranking company executives (vice presidents, general managers, etc.). The attack starts with me phishing emails, which appear to come from the CEO of the target company.
In almost all cases, the original phishing emails describe it in detail supposed acquisition of an Asian company. The assailant tells the victim that it is a secret case and that he should not say anything to anyone else.
Researchers note that unlike other BEC attacks, the emails are well written and contain business and financial terms.
After the initial phishing email, the "CEO" sends e-mail and in one lawyer to help complete the financial transaction. Emails from the "lawyer" are also sent by Cosmic Lynx.
"It is very rare for a BEC team to make a double face. This shows the extra effort that Cosmic Lynx makes on attacks "to make them more realistic," said Hassold.
After the involvement of the "lawyer", the victim is usually persuaded to transfers hundreds of thousands or even millions of dollars to Hong Kong accounts, which end up in the hands of fraudsters.
Researchers believe the team carries out phishing campaigns for at least a year. It is not possible to say how many organizations have fallen victim to BEC attacks or how much money criminals have made. However, the campaign is still active.
If someone thinks they may be the target of a BEC phishing attack, It is a good idea to contact the person from whom the email appears to be coming. As we said, the attacker represents an accomplice or even a known one. Therefore, there must be communication to confirm that the email actually came from him.