Earlier this week, researchers uncovered a Russian business email compromise (BEC) campaign targeting senior-level executives across 46 countries. According to reports, the group behind this sophisticated phishing campaign is the first major online scam gang operating out of Russia. Cyber security researchers dubbed the group ‘Cosmic Lynx’; it has carried out over 200 BEC campaigns since July 2019. BEC scams are thought to be highly lucrative for attackers: affected organizations lose millions of dollars every month after being lured into sending funds to accounts owned by cybercriminals.
According to security experts, Cosmic Lynx appears to be the work of attackers who had previously stuck to trojan malware attacks. Experts believe the infrastructure behind the phishing email operation is somewhat related to Emotet and Trickbot campaigns. According to the findings, the move by Russian cyber attackers into the BEC space is noteworthy because it shows that more advanced attackers are realizing that the ROI for BEC scams is far greater than email-based attacks. The surprising part is that the Russian gang is using its skills to develop much more technically sophisticated attacks that are difficult for victims to detect.
The victims generally hold senior titles such as general manager, managing director, or vice president. Reports suggest the attacks begin with a spoofed, legitimate-looking email that appears to come from the ‘CEO’ of the targeted organization. In the majority of cases, the emails mention an alleged acquisition of an Asian company, and the recipient is told that the matter is secret and time-sensitive and therefore shouldn’t be disclosed to anyone else.
The ‘CEO’ then loops in a lawyer to complete the financial transaction. Researchers have found that the emails are well written and use all the requisite financial terms. Once the lawyer is involved, the attackers finally push the victim into transferring the thousands of dollars supposedly required to complete the acquisition. The scam is sophisticated enough that victims may never suspect they have fallen for a phishing attack.
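As an added example (not from the original article or the researchers it cites), the lure traits described above can be turned into a mail-screening heuristic: an executive's display name on an external address, combined with acquisition, secrecy, urgency and lawyer themes. The executive name, domains, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed organization data (constructed); load from your own directory.
EXECUTIVES = {"jane doe"}
ORG_DOMAINS = {"example.com"}

# Lure themes taken from the campaign description above; keywords are assumptions.
THEMES = {
    "acquisition": re.compile(r"\b(acquisition|acquir\w+|takeover)\b", re.I),
    "secrecy": re.compile(r"\b(confidential\w*|secret|do not (share|disclose|discuss))\b", re.I),
    "urgency": re.compile(r"\b(urgent\w*|time[- ]sensitive|immediately)\b", re.I),
    "lawyer": re.compile(r"\b(lawyer|attorney|counsel|law firm)\b", re.I),
}

# Constructed sample messages, not taken from any real campaign.
LURE = """\
From: "Jane Doe" <jane.doe@ceo-mail.example.net>
Subject: Confidential acquisition

We are acquiring a company in Asia. This is time-sensitive and must stay secret.
Our outside counsel will contact you about the payment."""

BENIGN = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Quarterly review

Slides for the quarterly review are attached."""

def bec_indicators(raw):
    """Return the sorted lure indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    # Executive display name on an address outside the organization's domains.
    if name.strip().lower() in EXECUTIVES and domain not in ORG_DOMAINS:
        hits.append("exec_name_external_sender")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # single-part text only
    text = msg.get("Subject", "") + "\n" + body
    hits += [theme for theme, rx in THEMES.items() if rx.search(text)]
    return sorted(hits)

def should_hold(raw, threshold=3):
    """Hold for out-of-band confirmation when the spoof flag plus themes stack up."""
    hits = bec_indicators(raw)
    return "exec_name_external_sender" in hits and len(hits) >= threshold
```

A message that spoofs the organization's exact domain would not raise the display-name flag here; that case is left to SPF, DKIM and DMARC evaluation at the mail gateway.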
Security experts, backed by their research, believe that the Russian gang has been active in such BEC schemes for more than a year. At the moment, it is not possible to tell the number of organizations that have fallen victim to Cosmic Lynx attacks or how much money the attackers have stolen from organizations.
Experts believe companies will have to find new ways to detect these sophisticated, socially engineered attacks; simply blocking suspicious-looking emails is not enough. If someone believes they might be targeted by a similar BEC phishing scheme pretending to be from someone they know, the best way to avoid falling prey to such attacks is to send a fresh email to the sender or, better still, give them a call to confirm whether the email is authentic.
Phishing scams continue to hit organizations and individuals hard in terms of financial loss. Earlier this year, the FBI stated in its reports that BEC attacks set back victims by $1.7 billion last year. Unlike the usual BEC attacks, Cosmic Lynx exhibits the proficiency to develop much more creative and complex attacks, which sets it apart from the multitude of generic BEC attacks we see every other day.