A hacker group has compiled a list of 35,000 chief financial officers, some working at the world’s biggest banks and mortgage companies, so it can target them with requests to transfer money.
The “London Blue” hackers are the latest group to focus on “business email compromise” (BEC) campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets. Most of the rest of the people on the list were in accounting departments.
Agari has handed its evidence to US and UK law enforcement agencies. If members of the hacking group are found to be based in the UK and US, it could be easier to prosecute them than in other territories.
IT security experts commented below on the rise of BEC campaigns targeting CFOs and the global threat posed by London Blue.
Tim Sadler, Co-founder and CEO at Tessian:
“In this case, the unsuspecting individuals are CFOs at globally renowned financial institutions. As Agari’s research highlights, high-profile and C-level employees of financial institutions are becoming increasingly popular targets of BEC scams because they have access to lucrative data and have the power to authorise high-value money transfers. The Pathé incident from a few weeks ago, in which 19 million euros was stolen after the company’s CFO was duped by a BEC email scam, also emphasises how effective, and costly, these attacks can be.
It is clear that no employee, regardless of seniority, is safe from the threat of spear-phishing. As long as a willing attacker can gain access to the requisite information, and email networks remain open and unprotected, they can effectively masquerade as an employee in order to exploit those that have the power to manage and release company funds. With access to global contact lists and a deftness for strong-form impersonation methods, London Blue have the resources and know-how to extract money at a great scale.”
Corin Imai, Senior Security Advisor at DomainTools:
Javvad Malik, Security Advocate at AlienVault:
“It is a social engineering attack which relies on fooling the recipients into making payments. Therefore, educating and making execs aware of these scams is the first step in nipping the problem in the bud. Additional measures can be taken whereby double authorisation is needed to set up a new recipient or to send large payments.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.