A hacker group has compiled a list of 35,000 chief financial officers, some working at the world’s biggest banks and mortgage companies, so it can target them with requests to transfer money.
The “London Blue” hackers are the latest group to focus on “business email compromise” (BEC) campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets. Most of the rest of the people on the list were in accounting departments.
Agari has handed its evidence to US and UK law enforcement agencies. If members of the hacking group are found to be based in the UK and US, it could be easier to prosecute them than in other territories.
IT security experts commented below on the rise of BEC campaigns targeting CFOs and the global threat posed by London Blue.
Tim Sadler, Co-founder and CEO at Tessian:
“Business email compromise (BEC) campaigns, like any other strong-form impersonation email attack, seek to defraud an organisation of money or sensitive information by spoofing a trusted individual’s identity and hijacking their relationship with an unsuspecting colleague in order to reveal the necessary information.
In this case, the unsuspecting individuals are CFOs at globally renowned financial institutions. As Agari’s research highlights, high-profile and C-level employees of financial institutions are becoming increasingly popular targets of BEC scams because they have access to lucrative data and have the power to authorise high-value money transfers. The Pathé incident from a few weeks ago, in which 19 million euros was stolen after the company’s CFO was duped by a BEC email scam, also emphasises how effective, and costly, these attacks can be.
It is clear that no employee, regardless of seniority, is safe from the threat of spear-phishing. As long as a willing attacker can gain access to the requisite information, and email networks remain open and unprotected, they can effectively masquerade as an employee in order to exploit those that have the power to manage and release company funds. With access to global contact lists and a deftness for strong-form impersonation methods, London Blue have the resources and know-how to extract money at a great scale.”
Corin Imai, Senior Security Advisor at DomainTools:
“This revelation should be a serious concern to businesses. BEC fraud can have devastating consequences for the organisation targeted; the amounts of money involved more often than not outweigh those associated with the more general phishing scams, which cast a wide net in the hopes of securing multiple payments. These scams prey on the high-pressure environments of large corporations, hoping that those responsible for transferring funds will be more concerned with completing the task quickly than with making sure it is an authentic request. CFOs should make efforts to verify any requests that they find unusual. Taking slightly longer to make a transfer is significantly better than unwittingly helping to facilitate a fraudulent transaction.”
Javvad Malik, Security Advocate at AlienVault:
“It should come as no surprise for companies to experience BEC or similar targeted phishing attacks against CEOs, CFOs and other executives.
It is a social engineering attack which relies on fooling the recipients into making payments. Therefore, educating and making execs aware of these scams is the first step in nipping the problem in the bud. Additional measures can be taken whereby double authorisation is needed to set up a new recipient or to send large payments.”