Skip to main content

Hackers Trick 3 Private Bank Firms Into Sending Them $1.3 Million.

By Editor

In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups.
According to the cybersecurity firm Check Point, who shared its latest investigation, nearly $700,000 of the total wire transferred amount has permanently lost to the attackers, with the rest of the amount recovered after researchers alerted the targeted firms in time.
Dubbed 'The Florentine Banker,' the sophisticated cybercrime gang behind this attack, "seems to have honed their techniques over multiple attacks, from at least several years of activity and has proven to be a resourceful adversary, quickly adapting new situations," the researchers said.

 
'The techniques they use, especially the lookalike domains technique, present a severe threat — not only to the originally attacked organization but also to the third-parties with whom they communicated using the lookalike domain.'
The security firm said previous spear-phishing campaigns launched by the same group of hackers mainly targeted the manufacturing, construction, legal, and finance sectors located in the US, Canada, Switzerland, Italy, Germany, and India, among others.

How did hackers do it?
The investigation follows Check Point's previous report published last December, which described a similar BEC (business email compromise) incident that resulted in the theft of $1 million from a Chinese venture capital firm.
The amount, which was seed funding intended for an Israeli startup, was instead routed to a bank account under the attacker's control via a carefully-planned man-in-the-middle (MITM) attack.
The fraud scheme, which has since caught three UK and Israeli based finance firms in the net, works by sending phishing emails to high profile individuals in the target organization to gain control of the account and carry out extensive reconnaissance to understand the nature of business and the key roles inside the company.
How does business email compromise work?
In the next phase, the attackers tamper with the victim's Outlook mailbox by creating new rules that would divert relevant email to a different folder, such as the RSS Feeds folder, that's not commonly used by the individual in question.
Aside from infiltrating the high-level corporate email account and monitoring messages, the hackers register separate lookalike domains that mimic the legitimate domains of the entities involved in the email correspondences they want to intercept, thus allowing them to perpetrate a MITM attack by sending emails from the fraudulent domains on behalf of the two parties.
'For example, if there was a correspondence between 'finance-firm.com' and 'banking-service.com,' the attackers could register similar domains like 'finance-firms.com' and 'banking-services.com,' the team said.
Put differently, the Florentine Banker group sent one mail each from the spoofed domains to the counterparty, thus inserting itself into the conversation and deceiving the recipient into thinking that the source of the email is legitimate.
'Every email sent by each side was in reality sent to the attacker, who then reviewed the email, decided if any content needed to be edited, and then forwarded the email from the relevant lookalike domain to its original destination,' Check Point researchers said in a separate blog post on BEC scams.

Armed with this set-up, the attackers then begin injecting fraudulent bank account information (associated with accounts located in Hong Kong and the UK) in the emails to intercept money transfers and initiate new wire requests.
FBI Sounds Warning Against BEC Attacks
Business email compromise (BEC) attacks have surged in recent years as organized cybercrime groups try to profit off email scams directed against big businesses.
Last month, Palo Alto Networks' Unit 42 threat intelligence team examined BEC operations working out of Nigeria, uncovering that the group — dubbed 'SilverTerrier' — carried out an average of 92,739 attacks a month in 2019.
According to the Federal Bureau of Investigation's 2019 Internet Crime Report, BEC-related scams alone accounted for 23,775 complaints amounting to losses of over $1.7 billion.

BEC Attacks
In an advisory published by the FBI early this month, the agency warned of cybercriminals conducting BEC attacks through cloud-based email services, adding the scams cost US businesses more than $2.1 billion between 2014 and 2019.
'Cybercriminals analyze the content of compromised email accounts for evidence of financial transactions,' the FBI warned. 'Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.'
The bureau also issued a separate warning highlighting how crooks are updating the profitable scam technique to capitalize on the ongoing coronavirus pandemic and perform fraudulent wire transfers.
In the face of such ongoing threats, it's recommended that users turn on two-factor authentication to secure their accounts and ensure fund transfer and payment requests are verified through phone calls confirming the transaction.

THN

#osutayusuf

Comments

Post a Comment

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

By Editor
📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed
Post a Comment
Read more

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

By Editor
POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.
Post a Comment
Read more

How to Host a Website for Free From Your PC or Laptop.

By Editor
Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c
Post a Comment
Read more