Security News > 2023 > February > New cybersecurity BEC attack mimics vendors

The firm previously identified four kinds of financial supply chain compromise, which dispense with impersonation of internal executives at the target company and instead wear the garb of one of the company's vendors.

Abnormal Security says Firebrick Ostrich has used one of these types of financial supply chain compromises - third-party reconnaissance attacks - to commit 346 BEC campaigns dating back to April 2021, impersonating 151 organizations and using 212 maliciously registered domains, nearly all in the U.S. Crane Hassold, director of threat intelligence at Abnormal Security, said the amount of money that can be gotten from external, third-party impersonation is three times higher than traditional BEC exploits, and that their success stems from awareness deficit, as companies and their employees are trained to look for emails impersonating an internal executive, not a vendor.

"BEC actors have identified third parties - including vendors - as a weak link in the chain."

"The manufactured pretext of a technical issue is a common excuse used in many of the third-party reconnaissance attacks we see to explain why a vendor isn't able to access their own inventory of invoices, but the flattery shown here seems to be unique to this BEC group," said Hassold.

Another tactic is particularly stealthy because it does not request payment for a current invoice, but simply asks that a vendor's stored bank account details be updated so any future payments get redirected to the new account.

This holistic strategy would also incorporate information about the target company's third-party vendor ecosystem and monitor both for specific impersonation attacks spoofing those vendors and suspicious language and artifacts.

News URL

https://www.techrepublic.com/article/cybersecurity-bec-attack-mimics-vendors/