Business E-mail Compromise

-
A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts.

What is BEC?


Business Email Compromise (BEC) as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers.
BEC involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations.
Their hijacked email accounts can then be used to trick other employees, suppliers or business partners to initiate fraudulent payments to accounts controlled by the attackers.
Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employees were targeted with emails that contained a commercial keylogger program called Olympic Vision.

How it is working actually?

BEC scams often begin with an attacker compromising a business executive’s email account or any publicly listed email. This is usually done using keylogger malware or phishing methods, where attackers create a domain that’s similar to the company they’re targeting, or a spoofed email that tricks the target into providing account details. Upon monitoring the compromised email account, the fraudster will try to determine who initiates wires and who requests them. The perpetrators often perform a fair amount of research, looking for a company that has had a change in leadership in the C-suite of the finance function, or companies where executives are travelling, or by leading an investor conference call and use this as an opportunity to execute the scheme-the researchers explained Working of this attack.
The rogue emails masqueraded as messages from business partners pertaining to recent bank transfers and invoices with alleged errors. Instead of real documents, the emails had the Olympic Vision keylogger attached.
This malware program is not very sophisticated, but for the purpose of these attacks it doesn't need to be. A toolkit to customize and generate the malicious installer can be acquired for as little as $25 on the black market.
Once installed on a computer, Olympic Vision steals information about: the system configuration; log-in credentials saved in browsers, email clients, FTP programs and instant messaging applications; key strokes; network information; clipboard images and text. It can also take screen shots.
This information helps attackers to identify valuable computers, gain access to email accounts and understand the internal accounting workflows of the targeted companies. They can then use the information to convince others to initiate fraudulent payments.

"We looked at the trail of Olympic Vision keyloggers being used in the wild to check for organized activity, and were able to trace the identities of the actors, and positively identified two Nigerian cybercriminals -- one operating from Lagos, and the other from Kuala Lumpur," the Trend Micro researchers said in a blog post.
Business Email Compromise has become a serious issue over the past two years, the FBI estimating that businesses worldwide have lost over a billion dollars to such scams. Reports earlier this year claimed that Belgian bank Crelan lost 70 million euros and Austrian airplane parts manufacturer FACC Operations lost 50 million euros following BEC attacks. So Beware folks!

Comments

Post a Comment

Popular posts from this blog

Dresscode-Android malware that can infiltrate corporate networks is spreading

-
Image
According to Trendmicro, DressCode-a family of Android malware, has been found circulating in at least 3,000 Trojanized apps. An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app. On Google Play, Trend Micro found more than 400 apps that are part of the DressCode family, it said. That's 10 times more than what security researchers at Check Point observed a month ago. Trend Micro added that one these apps on Google Play had been installed 100,000 to 500,000 times. Once installed, Dress Code's malicious coding will contact its command and control servers and receive orders from its developers. The malware is particularly dangerous because it can infiltrate whatever internet
Read more

Clickjacking leads Android ransomware to gain the administrative rights!

-
Image
What is Ransomware? Ransomware   is one type of malware which prevents or limits users from accessing their system.   File-encrypting ransomware which is also called as Cryptolocker applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator rights. What’s this Clickjacking? Clickjacking is a method that involves manipulating the UI in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements. Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an
Read more

Importance of secure SDLC

-
Image
Time does require the change. Isn’t it? We’ll talk about the importance of securely software development life cycle in this story. We all know what exactly SDLC is? SDLC stands for Software Development Life Cycle. The developers builds the applications for certain purpose. The SDLC process has got certain pre-defined phases.  Requirement Gathering: What is the purpose and what’s it going to take for building the application. Plan and Design: Plan the phases of development. Prioritize the modules and finalize the design suitable. Implementation: Start implementing the modules. Coding takes place. Testing: Test the modules which are built Deploy: Deploy the application once the application is tested properly. Maintain: Check whether the application behaves exactly in the same way it was meant to. Eliminate the vulnerabilities identified if any. This is how the traditional SDLC process works. There are certain models to accomplish the pr
Read more