Skip to main content

Hackers Trick 3 Private Bank Firms Into Sending Them $1.3 Million.


In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups.
According to the cybersecurity firm Check Point, who shared its latest investigation, nearly $700,000 of the total wire transferred amount has permanently lost to the attackers, with the rest of the amount recovered after researchers alerted the targeted firms in time.
Dubbed 'The Florentine Banker,' the sophisticated cybercrime gang behind this attack, "seems to have honed their techniques over multiple attacks, from at least several years of activity and has proven to be a resourceful adversary, quickly adapting new situations," the researchers said.

 
'The techniques they use, especially the lookalike domains technique, present a severe threat — not only to the originally attacked organization but also to the third-parties with whom they communicated using the lookalike domain.'
The security firm said previous spear-phishing campaigns launched by the same group of hackers mainly targeted the manufacturing, construction, legal, and finance sectors located in the US, Canada, Switzerland, Italy, Germany, and India, among others.

How did hackers do it?
The investigation follows Check Point's previous report published last December, which described a similar BEC (business email compromise) incident that resulted in the theft of $1 million from a Chinese venture capital firm.
The amount, which was seed funding intended for an Israeli startup, was instead routed to a bank account under the attacker's control via a carefully-planned man-in-the-middle (MITM) attack.
The fraud scheme, which has since caught three UK and Israeli based finance firms in the net, works by sending phishing emails to high profile individuals in the target organization to gain control of the account and carry out extensive reconnaissance to understand the nature of business and the key roles inside the company.
How does business email compromise work?
In the next phase, the attackers tamper with the victim's Outlook mailbox by creating new rules that would divert relevant email to a different folder, such as the RSS Feeds folder, that's not commonly used by the individual in question.
Aside from infiltrating the high-level corporate email account and monitoring messages, the hackers register separate lookalike domains that mimic the legitimate domains of the entities involved in the email correspondences they want to intercept, thus allowing them to perpetrate a MITM attack by sending emails from the fraudulent domains on behalf of the two parties.
'For example, if there was a correspondence between 'finance-firm.com' and 'banking-service.com,' the attackers could register similar domains like 'finance-firms.com' and 'banking-services.com,' the team said.
Put differently, the Florentine Banker group sent one mail each from the spoofed domains to the counterparty, thus inserting itself into the conversation and deceiving the recipient into thinking that the source of the email is legitimate.
'Every email sent by each side was in reality sent to the attacker, who then reviewed the email, decided if any content needed to be edited, and then forwarded the email from the relevant lookalike domain to its original destination,' Check Point researchers said in a separate blog post on BEC scams.

Armed with this set-up, the attackers then begin injecting fraudulent bank account information (associated with accounts located in Hong Kong and the UK) in the emails to intercept money transfers and initiate new wire requests.
FBI Sounds Warning Against BEC Attacks
Business email compromise (BEC) attacks have surged in recent years as organized cybercrime groups try to profit off email scams directed against big businesses.
Last month, Palo Alto Networks' Unit 42 threat intelligence team examined BEC operations working out of Nigeria, uncovering that the group — dubbed 'SilverTerrier' — carried out an average of 92,739 attacks a month in 2019.
According to the Federal Bureau of Investigation's 2019 Internet Crime Report, BEC-related scams alone accounted for 23,775 complaints amounting to losses of over $1.7 billion.

BEC Attacks
In an advisory published by the FBI early this month, the agency warned of cybercriminals conducting BEC attacks through cloud-based email services, adding the scams cost US businesses more than $2.1 billion between 2014 and 2019.
'Cybercriminals analyze the content of compromised email accounts for evidence of financial transactions,' the FBI warned. 'Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.'
The bureau also issued a separate warning highlighting how crooks are updating the profitable scam technique to capitalize on the ongoing coronavirus pandemic and perform fraudulent wire transfers.
In the face of such ongoing threats, it's recommended that users turn on two-factor authentication to secure their accounts and ensure fund transfer and payment requests are verified through phone calls confirming the transaction.

THN

#osutayusuf

Comments

Popular posts from this blog

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. 📸: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  📸: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. 📸: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nil...