METHOD – Business Email Compromise Statistics from FBI

Business email compromise (BEC) / email account compromise (EAC) is a scam in which a combination of social engineering and computer intrusion techniques is used to obtain a transfer of funds from an organization. Lately, sophisticated, targeted social engineering and compromised email accounts have been used to conduct these attacks. According to the FBI, the scam has been reported in all 50 US states and in 150 countries. Additionally, between December 2016 and May 2018, there was a 136% increase in identified global exposed losses.

In the report, the FBI identifies the real-estate sector as the area showing the largest increase in targeting. The report also notes that small, medium, and large businesses are all being targeted.

Since 2015, Proficio has worked with clients that have been targets of various BEC scams. Proficio has observed that impersonation of executives is common and that finance and human resources departments are frequent targets of the scam.

Although the scams were known, what was not known was their impact and how profitable they could be for the parties performing the attacks. According to the FBI report, between October 2013 and May 2018, over 78,000 reported incidents accounted for over $12,000,000,000 in losses.

Because losses from these attacks now run into the billions, and attackers will therefore likely have both the resources and the motive to continue them, organizations should give these types of attacks a great deal of attention going forward.

Proficio Threat Intelligence Recommendations:

  • Place additional checks and balances with procedures for wire transfers performed on behalf of the organization.
  • Deploy additional targeted user training around phishing for key executives and for individuals in the finance and human resources departments.
  • Report activity to the FBI if a successful BEC happens.

Public Service Announcement – Click Here

Attacker: Actor – Mabna Institute / Silent Librarian

The Mabna Institute, also known as the threat actor “Silent Librarian” (PhishLabs), is a group of nine Iranian citizens who have been charged in a computer hacking campaign. The campaign compromised various targets, including US and foreign universities, private companies, and US government entities. Several specific targets were identified by PhishLabs and the FBI, among them the US Department of Labor, the Federal Energy Regulatory Commission, the Los Alamos National Laboratory, and the Memorial Sloan Kettering Cancer Center. According to the FBI, the campaign has been ongoing for about four years and has compromised 144 US-based universities and 176 foreign universities. According to PhishLabs, the tactics of the phishing campaigns used to compromise these entities barely changed over time. Targeted users were sent emails stating that their library account was expiring. The emails directed users to a link that redirected to a phishing page requesting a username and password.

Proficio Threat Intelligence Recommendations:

  • User phishing-awareness training usually helps reduce the risk of users falling for basic phishing campaigns of this type.

PhishLabs technical analysis of the campaign – Click Here

FBI release on individuals wanted – Click Here