Business
Focused
Technology

IT360
IT360

Quick Links

gear service ticket iconStart a service ticket

BEC Group Launches Hundreds of Campaigns

A business email compromise (BEC) gang has launched more than 350 attacks against organizations in the US, according to researchers at Abnormal Security. The threat actor, which Abnormal Security tracks as “Firebrick Ostrich,” conducts open-source reconnaissance on their targets in order to construct their scam.

“In contrast to other forms of financial supply chain compromise where an attacker has deep insight into a specific vendor/customer relationship, third-party reconnaissance occurs when an attacker knows that there is a relationship between two organizations but has limited or no knowledge about actual outstanding payments,” the researchers write. “In essence, an attacker in these cases has the necessary context to impersonate a vendor but not enough information to be specific in their payment request.”

The threat actor then sends the customer organization an invoice posing as the vendor.

“Once an attacker has collected this information, they will then initiate their attack by impersonating the vendor and emailing the customer, inquiring about a potential outstanding payment,” the researchers write. “Because the attacker doesn’t have specific knowledge about an actual overdue invoice, these initial emails tend to be more general requests—rather than containing specific details that might be found in a traditional vendor email compromise attack.”

In addition, the threat actors can ask the victim to change the vendor’s banking information, so that future payments will be sent to the attackers until the vendor notices they haven’t been paid.

“Instead of requesting payment for a current invoice, another tactic that a threat actor might use is to simply request that a vendor’s stored bank account details be updated so any future payments get redirected to the new account,” the researchers explain. “This tactic is a little more stealthy, as the attacker isn’t requesting an immediate payment—the red flag accounts payable specialists are taught to notice. These attackers are playing a longer game, hoping that a simple request now will result in a payment to their redirected account with the next payment.”

Abnormal Security has the story.

Source: KnowBe4

Partner, Law Firm

We hired IT360 as our computer hardware and software computer consultants when the company first went into business. Since then, they have helped us purchase new software and hardware equipment that we have instituted into the law firm. Any time we needed them to be there they have been. They have solved all of our problems including: stand alone computers, networking issues, Internet access issues, and software. I would highly recommend IT360 to anybody who needs help in these areas.

Partner, Law Firm

Recent
Technology News

IT 360 News
Threats and Infrastructure

From Arctic Wolf SUMMARY On February 7, 2024, CISA issued an advisory detailing their discoveries concerning state-sponsored cyber actors linked to the People’s Republic of China (PRC). Notably, the PRC-affiliated threat actor, Volt Typhoon, is actively engaged in efforts to infiltrate IT networks, with the potential aim of launching cyberattacks on vital U.S. infrastructure in […]

Read more
IT 360 News
Multi-Factor Authentication

By Cybersecurity & Infrastructure Security Agency OVERVIEW Multi-factor authentication (MFA) is a layered approach to securing physical and logical access where a system requires a user to present a combination of two or more different authenticators to verify a user’s identity for login. MFA increases security because even if one authenticator becomes compromised, unauthorized users […]

Read more