This Sneaky Type Of Cybercrime Rules Them All



Welcome to Cybersecurity 202! We don’t really cover it in today’s edition, but I partly suspect that one of the reasons BEC (defined below) doesn’t get as much attention as other cybercrimes is that it has a lame acronym.

Below: Records indicate that an Indian intelligence agency has purchased equipment from the NSO Group, and a disruption in an undersea cable is causing trouble on an island. But first:

This little-discussed type of cybercrime accounts for billions in losses – and could grow even further

While ransomware grabs the headlines, another type of cybercrime is quietly getting away with much, much more money – and there are signs it’s on the rise, too.

In the case of “business email compromise,” or BEC, criminals impersonate a trusted person, such as the CEO of the victim’s company, sometimes by hacking into that person’s email account. The criminals then send an urgent message asking for a money transfer, which they steal.

BEC regularly tops the FBI’s annual list of the costliest internet crimes, which it compiles from complaint data. In 2021, BEC accounted for about a third of the year’s $6.9 billion in cyber losses, or about $2.4 billion. Ransomware trailed behind with just $50 million. A May FBI alert said the amount of BEC losses and attempted thefts had increased following the coronavirus pandemic, which forced companies to conduct more routine business virtually.

During the second quarter of this year, cybersecurity firm Arctic Wolf said the rate of BEC cases it responded to doubled from 17% to 34%.

BEC is also a kind of cybercrime that thrives on volume.

“We end up with a situation that is truly death by 1,000 paper cuts,” Pete Renals, senior threat researcher for Unit 42 at Palo Alto Networks, said. (This year alone, the company has contributed to several Interpol and Nigerian police operations to arrest BEC suspects.)

There are a number of reasons why BEC has proven so successful for so long.

Most of what BEC criminals do is “really easy,” and the techniques have been refined over time, so that “they just rinse and repeat at this point in the evolution of BEC,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said.

It’s not difficult to deploy malware that steals access to accounts and sends an email to a victim from that compromised account, he said. The hardest part is setting up bank accounts to move money, he said, but the gangs have figured out how to handle that too.

Criminals also don’t have to target large corporations to be effective, Kalember said.

  • “The truth is, they really don’t need the big fish most of the time. We’ve seen them, in fact, be very, very active in much smaller organizations that are just in industries where a lot of money is moved purely on the basis of digital communications and between parties that don’t necessarily know each other very well,” Kalember said.

It is also a kind of crime that takes advantage of people’s trusting nature, Daniel Thanos, vice president of Arctic Wolf Labs, told me. “Human nature is sometimes overconfident,” he said. “People also react to urgency.”

  • That doesn’t mean they are entirely to blame; criminals are adept at making emails look authentic, sometimes using information they’ve gleaned from social media to personalize their messages, Thanos said.

Unlike with other cybercrimes, victims do not always know they have been affected until much later, Renals said. A ransomware attack encrypts an organization’s systems, bringing everything to a standstill immediately. Law enforcement can help recover ransom payments, but by the time someone realizes they’ve been scammed by a BEC criminal, the money is usually long gone.

BEC doesn’t get as much attention, partly because it doesn’t look like ransomware.

It’s not destructive the way a ransomware attack can be if it shuts down a hospital’s systems. Because it does not affect key systems, it is not treated as a national security threat, Renals said. Due to the “death by 1,000 paper cuts” effect, smaller heists that add up over time are also less likely to make the news, he said.

Many thefts might not even be reported. This is because being a victim of a BEC scam is potentially more embarrassing than suffering a ransomware attack, Renals said.

“With the ransomware, they got into a vulnerability in your network. It happens,” he said. “‘I got an email from the CEO telling me to transfer some money and I did.’ Nobody wants to admit that because there’s more of a human aspect to it.”

BEC is also not interesting from a technical point of view in a way that could draw a ton of attention from security researchers making headlines at a high-level web conference, Kalember said.

Some of the ways to defend against BEC are similar to how anyone would defend against most cyberattacks, like using multi-factor authentication to protect email accounts.

Some seem more mundane, but can make a big difference. “Have an actual process that is validated and tested for how you authorize funds to leave your business,” Renals said. “No funds should ever leave you based on an email, right? There should be someone you call, there should be a piece of paper that needs to be signed and physically handed over.”

Indian spy agency bought NSO equipment, documents show

Import data shows that India’s domestic intelligence agency received a shipment of hardware from NSO Group in 2017 that matches what was used to run Pegasus spyware, the Organized Crime and Corruption Reporting Project’s Sharad Vyas and Jurre van Bergen report. While this does not conclusively show that the agency purchased Pegasus, it does add to a growing body of evidence on India and spyware.

“The shipment included Dell computer servers, Cisco networking equipment and ‘uninterruptible power supply’ batteries, which provide power in the event of an outage, according to a bill of lading obtained through a global trade data platform that relies on national customs documents,” they write. “The shipment, delivered by air, was marked ‘for military and military use’ and cost $315,000. This description – and the timing of the expedition – seemed to match the account given in January by the New York Times, which reported that Pegasus and a missile system had been the ‘centerpieces’ of a major 2017 arms deal between Israel and India.”

Pegasus has infected at least seven phones in India, The Post previously reported. Indian authorities said at the time that “allegations about government surveillance of specific people have no concrete basis or associated truth.” They also said that legal monitoring was done through a “well-established procedure.” NSO Group has denied the “false allegations” in reports by The Post and its media partners.

NSO Group and the spy agency, the Intelligence Bureau, did not respond to OCCRP’s request for comment.

Bitfinex Hack Victims Want Stolen Bitcoins Back

US authorities have seized billions of dollars in stolen cryptocurrency that skyrocketed in value after a 2016 hack, but Bitfinex and its customers could battle it out in court over who the rightful owners are, CNBC’s Jessi Joseph and Eamon Javers report. Bitfinex says it made its customers whole by providing them with digital tokens they could sell after the hack, but some customers say what they received had no value and they had no choice but to accept the funds.

“Essentially, Bitfinex wants the bitcoins that were stolen in the 2016 hack back to the company and it will return some of them to some of their customers in cash, not bitcoins,” Joseph and Javers write. “But some of the hack victims still claim that the bitcoins belong to them. And the idea that they could lose their bitcoins not once, but twice, seems impossible.”

Individuals and entities who claim their money was stolen will be able to submit claims to a court, which will decide how the money will be distributed, Deputy Attorney General Lisa Monaco told CNBC. But authorities are still pursuing a couple – Heather Morgan and Ilya Lichtenstein – who they believe conspired to launder cryptocurrency, and this could delay the process.

Cable disruptions affect the island’s internet service

Scottish Prime Minister Nicola Sturgeon said there was an emergency on Shetland after an undersea cable was disrupted, the BBC reports. Islanders were unable to use some phones or pay with credit cards at some stores, the outlet reported.

Páll Vesturbu, who is responsible for infrastructure at Faroese Telecom, told the BBC the company believes the cable disruption – and another last week, which affected a cable linking Shetland and the Faroe Islands – was caused by a fishing boat.

NATO has warned that undersea cables are vulnerable and some experts fear Russia could target the cables, which carry most internet traffic, amid war in Ukraine. In April, US authorities in Hawaii said they had halted a “significant breach involving the servers of a private company associated with an undersea cable” by an “international hacking group”. They did not release additional information.

MercyOne says it began restoring systems following ransomware attack (Des Moines Register)

Twitter is purging a foreign network of fake accounts trying to influence Israeli elections (Haaretz)

Loeffler’s texts after 2020 election become public, raising new investigative questions (Politico)

Senior DOJ official ‘pleased’ with multiple agencies, branches’ response to court data breach (CyberScoop)

Thanks for reading. See you next week.

