Tuesday, January 26, 05:36

Cybercriminals "earned" $15,000,000 from a BEC fraud campaign!

The FBI is investigating a global BEC (business email compromise) fraud campaign through which cybercriminals have earned at least $15,000,000.

Security investigators from the Israeli incident response company Mitiga said yesterday that the ongoing campaign uses social engineering techniques to impersonate senior executives who use Microsoft Office 365 email services.

Mitiga stated that more than 150 organizations in various fields (legal, construction, financial, retail, etc.) worldwide are among the victims of the campaign. It is worth noting that most of the victims recorded so far are in the USA.


BEC scams mostly target businesses and organizations and are usually motivated by financial gain. Analysts estimate that in the second quarter of 2, the average successful BEC fraud campaign raised $ 2020, while the corresponding profits in the first quarter of 80.000 amounted to $ 1. However, cybercriminals' profits from BEC scams can reach millions of dollars.

Mitiga described the campaign as a "multi-million dollar global transaction". Emails were sent between buyer and seller for several months, during which cybercriminals talked about "senior parties" involved in the transaction, providing alternative payment instructions by bank transfer, and eventually disappearing with the proceeds.

However, this is only one of the BEC campaigns conducted by one or more hacking groups. Dozens of rogue domains are associated with it. Many of the rogue domains are registered through GoDaddy's Wild West Domains and are listed as legitimate businesses. In what is known as the homograph technique, the site addresses used to impersonate a company include changes to letters or symbols that are difficult to detect, such as the difference between "Paypal.com" and "paypall.com". Office 365 accounts were then linked to email addresses associated with these domains in order to send "fraudulent" messages. If a victim accepted a phishing email and unknowingly executed a payload, this could also lead to a breach of their inbox.
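A mail gateway or triage script can catch this kind of lookalike sender domain by comparing it with the domains the organization actually deals with. The sketch below is an added example, not code from Mitiga or the original article; the trusted list, the confusable-character map and the distance threshold are assumptions to be tuned.

```python
import unicodedata

# Constructed allow-list (assumption): your own and your partners' mail domains.
TRUSTED = {"paypal.com", "example-supplier.com"}

# Illustrative, non-exhaustive map of look-alike characters (digits, Cyrillic).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e",
                             "\u043e": "o", "\u0440": "p"})

def skeleton(domain):
    """Lower-case, strip accents and fold look-alike characters."""
    d = unicodedata.normalize("NFKD", domain.lower().rstrip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            v = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                v = min(v, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(v)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender_domain, max_distance=2):
    """Return (verdict, trusted domain being imitated or None)."""
    d = sender_domain.lower().rstrip(".")
    if d in TRUSTED:
        return ("trusted", d)
    s = skeleton(d)
    for t in sorted(TRUSTED):
        # Same skeleton = differs only by confusables; otherwise allow small typos.
        if edit_distance(s, skeleton(t)) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)

# Constructed sample of sender domains seen in inbound mail.
SAMPLE = ["paypal.com", "paypall.com", "paypa1.com", "p\u0430ypal.com", "contoso.org"]

def triage(domains):
    """Map each sender domain to its verdict."""
    return {d: classify(d) for d in domains}

if __name__ == "__main__":
    for dom, verdict in triage(SAMPLE).items():
        print(ascii(dom), verdict)
```

A threshold of 2 produces false positives for very short trusted domains, so scale it with domain length before using it on real traffic.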


According to the researchers, Microsoft's email service is being abused to reduce "suspicious differences" and the possibility of triggering malware detection filtering.

When conversations were blocked by compromised accounts, attackers used a forwarding rule to send all communication to another account controlled by them. This gave the intruders full visibility of the transaction, while at the same time allowing them to introduce the fake domain at the appropriate time, i.e. when the bank transfer details were provided.
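Forwarding rules like the one described above can be found by auditing mailbox rules for actions that send mail outside the organization. The following is an added example, not part of the original article: it assumes the rules have been exported to records carrying the inbox-rule properties `MailboxOwnerId`, `Name`, `Enabled`, `ForwardTo`, `ForwardAsAttachmentTo`, `RedirectTo` and `DeleteMessage`, and the sample records and internal domain are constructed.

```python
import re

INTERNAL_DOMAINS = {"example-corp.com"}  # assumption: your accepted mail domains
ACTION_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def external_targets(rule):
    """Return (action, address) pairs that point outside INTERNAL_DOMAINS."""
    found = []
    for field in ACTION_FIELDS:
        values = rule.get(field) or []
        if isinstance(values, str):          # a single recipient may not be a list
            values = [values]
        for value in values:
            for m in ADDR.finditer(value):
                if m.group(1).lower() not in INTERNAL_DOMAINS:
                    found.append((field, m.group(0).lower()))
    return found

def audit(rules):
    """Report every rule that forwards or redirects mail to an external address."""
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if targets:
            findings.append({
                "mailbox": rule.get("MailboxOwnerId"),
                "rule": rule.get("Name"),
                "enabled": bool(rule.get("Enabled", True)),
                "targets": targets,
                # Forward-then-delete hides the traffic from the mailbox owner.
                "hides_mail": bool(rule.get("DeleteMessage")),
            })
    return findings

# Constructed sample records; the recipient string layout is an assumption.
SAMPLE_RULES = [
    {"MailboxOwnerId": "cfo@example-corp.com", "Name": ".", "Enabled": True,
     "ForwardTo": ['"cfo" [SMTP:cfo@example-c0rp.com]'], "DeleteMessage": True},
    {"MailboxOwnerId": "pa@example-corp.com", "Name": "To assistant",
     "Enabled": True,
     "RedirectTo": ['"Assistant" [SMTP:assistant@example-corp.com]']},
    {"MailboxOwnerId": "ap@example-corp.com", "Name": "Newsletters",
     "Enabled": False, "ForwardTo": None},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Disabled rules are reported as well, since a rule left behind in a mailbox is still evidence that the account was accessed.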

An investigation into the widespread BEC fraud campaign is currently ongoing. Microsoft and related law enforcement agencies have been notified.

Tal Mozes, CEO of Mitiga, told ZDNet: "We are facing a dramatic increase (63%) of ransomware BEC fraud attacks and incidents throughout our customer base. These attacks come mainly from African countries and have an increasing level of complexity. With this particular BEC fraud campaign, our analysts have been able to detect a digital fingerprint that has allowed us to identify and alert victims, as well as law enforcement agencies to the threat agents."

