BEC Scams | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money. The campaign, dubbed " Operation In(ter)ception " because of a reference to "Inception" in the malware sample, took place between September to December 2019, according to a new report cybersecurity firm ESET shared with The Hacker News. "The primary goal of the operation was espionage," the researchers told The Hacker News. "However, in one of the cases we investigated, the attackers tried to monetize access to a victim's email account through a business email compromise (BEC) attack as the final stage of the operation." The financial motivation behind the attacks, coupled with similarities in targeting and development environment, have led ESET to suspect Laz...

In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups. According to the cybersecurity firm Check Point, who shared its latest investigation with The Hacker News, nearly $700,000 of the total wire transferred amount has permanently lost to the attackers, with the rest of the amount recovered after researchers alerted the targeted firms in time. Dubbed ' The Florentine Banker ,' the sophisticated cybercrime gang behind this attack, "seems to have honed their techniques over multiple attacks, from at least several years of activity and has proven to be a resourceful adversary, quickly adapting new situations," the researchers said. 'The techniques they use, especially the lookalike domains technique, present a severe threat — not ...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

Breaking News — The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI. Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking your help. Instead, it was an infamous 'Nigerian 419' scam email template where fraudsters try to dupe you into making a quick online payment by offering a share in a large sum of money on the condition you help them transfer money out of their country. The FBI today announced the arrests of 281 suspects from around the world as part of an internationally coordinated law enforcement operation aimed at disrupting multi-billion-dollar BEC email and wire transfer scams. With no surprise, the largest number of arrests were made in Nigeria where authorities detained a total of 167 suspects, though a significant number of arrests were also made in nine other countrie...

The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise (BEC) scheme. The arrest was the result of a six-month-long operation dubbed " Operation Wire Wire " that involved the US Department of Justice, the US Department of Homeland Security, the US Treasury, and the US Postal Inspection Service. The international law enforcement authorities led by the FBI arrested 42 of the total 74 individuals involved in BEC scheme in the United States, 29 in Nigeria and 3 each in Canada, Mauritius, and Poland. "Foreign citizens perpetrate many BEC scams. Those individuals are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world," the DoJ says. Moreover, the authorities seized nearly $2.4 million and recovered about $14 million in fraudulent transfers, according to the FBI, which estima...