3 men suspected of participating in a massive business email compromise (BEC) ring have been arrested in Lagos, Nigeria.
Some 50,000 targeted victims have been identified so far in a huge, worldwide scam business that involves 26 different malware programs.
A joint INTERPOL, Group-IB & Nigeria Federal Police Force cyber-crime investigation led to the arrest of the Nigerian nationals, who are thought to have been distributing malware & carrying out phishing campaigns & extensive scams worldwide.
In a BEC attack, a scammer impersonates a company executive or other trusted person & tries to trick an employee responsible for payments or other financial transactions into wiring money to a phoney account.
Attackers usually conduct some reconnaissance work, studying executive styles & uncovering the organisation’s vendors, billing system practices & other information to help mount a realistic attack.
The elements of this campaign are wide-ranging, observes INTERPOL: The suspects are alleged to have developed phishing links & domains, then carried out mass-emailing campaigns in which they impersonated employees at varied organisations.
Upon successful social engineering, they then spread 26 different malware versions to targets, including spyware & remote access trojans (RATs), law enforcement commented. The samples included AgentTesla, Loki, Azorult, Spartan & the NanoCore & Remcos RATs.
While investigations are continuing, some 50,000 targeted victims have been identified thus far.
“These programs were used to infiltrate & monitor the systems of victim organizations & individuals, before launching scams & siphoning funds,” according to INTERPOL, in a Wednesday announcement. Group-IB outlined that the prolific gang is believed to have compromised government & private-sector companies in over 150 nations since 2017.
According to the 1-year-long investigation, named “Operation Falcon,” the gang in question is divided into subgroups, & a number of individuals are still being hunted.
“This group was running a well-established criminal business model,” suggested Craig Jones, INTERPOL’s Cyber Crime Director. “From infiltration to cashing in, they used a multitude of tools & techniques to generate maximum profits. We look forward to seeing additional results from this operation.”
This news comes as the average wire-transfer loss from BEC attacks is significantly on the rise: In the 2nd quarter of 2020 the average was $80,183, up from $54,000 in the 1st quarter, according to the Anti-Phishing Working Group (APWG).
While Nigeria & West Africa are still top hotspots for BEC gangs, the APWG report found that the rise in dollar amounts could be driven largely by 1 Russian BEC operation, which has been targeting companies for an average of $1.27 million per attempt.
The Russian BEC group, Cosmic Lynx, was spotted prowling around earlier this summer by researchers at Agari. It has launched more than 200 BEC campaigns since July 2019, which have targeted individuals in 46 countries on 6 continents, according to statistics. Preferred targets include US Fortune 500 & Global 2000 companies, which helps to explain the large monetary values.