
Cybersecurity researchers have recorded the activity of the hacker group Cosmic Lynx, which presumably includes Russians. The cybercriminals are reported to be using advanced BEC attacks against large Fortune 500 businesses. Gazeta.Ru looks at how these schemes operate and what makes them dangerous.

The security company Agari has reported a series of attacks carried out by the group Cosmic Lynx, which presumably consists of Russians. The hackers are known to use the so-called BEC attack (Business Email Compromise), or fraud in business correspondence, for their purposes.

Since July 2019, Cosmic Lynx has carried out about 200 attacks against companies in 46 countries.

As victims, the hackers choose organizations that are in the Fortune 500 or Global 2000, which means they have large revenues.

It is reported that before an attack the cybercriminals found a company that was in the process of acquiring another business. They sent a message posing as the CEO of the selling company, offering the services of an “outside legal counsel” in order to complete the transaction.

The “legal counsel” in turn introduced the victim to another person, who pretended to be a British lawyer specializing in mergers and acquisitions. This attacker sent the CEO of the victim company a letter with instructions on how to make the money transfer. Ultimately, the funds for the purchase of the business fell into the hands of the fraudsters.

Cybersecurity researchers say that, unlike most BEC attacks, which are rife with grammatical errors and typos, the Cosmic Lynx scheme shows a good command of the English language and the subtleties of its structure.

In addition, in their letters the hackers referred to current events such as the pandemic and used a manner of speech typical of large businesses.

“Every crisis provides the soil to plant the seeds of possibilities. I am pleased to inform you that we have decided to seize the moment and strive to acquire the assets of a company that is not experiencing the best of times. Our legal team is currently working on closing the transaction, and I would like you to assist with some of the issues that need to be addressed urgently,” reads one of the letters composed by the cybercriminals.

There is no precise data on how much Cosmic Lynx has managed to earn from its scheme, but given its activity, the amount can be six figures.

One of the victims is known to have sent the scammers $1.5 million.

Gazeta.Ru spoke with security experts to find out what danger BEC attacks pose to modern business.

A BEC attack is a kind of phishing attack that uses social engineering, says Martin Hron, senior malware researcher at Avast.

“Criminals who have basic knowledge of the company's structure send emails from fake e-mail addresses on behalf of an employee, usually the CEO or CFO, or another member of the company's management. This scam works similarly to phishing websites: the attackers try to convince the victim to click a link or open an attachment to start the infection,” said Hron.

A “Business Email Compromise” attack is nothing other than an attack on e-mail aimed at gaining control over the correspondence of employees who are able to make payments from corporate accounts, explained Andrei Golovin, director of the information security department at Oberon.

According to him, the main danger of such attacks is that they cannot be identified with standard technical protection measures.

“There is no penetration into the payment system and no malicious content in the emails. For this reason, they quietly pass antivirus and other security solutions. In addition, the attackers use social engineering. The letters look legitimate: their style and design are indistinguishable from the correspondence the employee is used to. These messages are sent at the end of the day or before holidays, when everyone is in a hurry to wrap things up and leave for a long weekend. The text of the messages is prepared for a specific recipient so that it does not stand out from the rest of the correspondence,” said the expert.
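The traits the experts describe (an executive's name on a fake address, end-of-day or pre-weekend timing, payment language with nothing for a scanner to inspect) can serve as triage signals that route a message to manual review. The Python code below is an added example, not taken from the article or from the quoted experts; the corporate domain, executive name, keyword list and thresholds are assumptions, and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions for illustration: domain, executive names and keywords are
# constructed values, not taken from the article.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
DEAL_TERMS = ("acquisition", "wire", "transfer", "payment", "urgent")

def bec_indicators(raw):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # An executive's display name on an address outside the company domain.
    if name.lower() in EXECUTIVES and domain != CORP_DOMAIN:
        hits.append("exec_name_external_address")
    # Sent at the end of the day or on a Friday (time as stated in the header).
    sent = parsedate_to_datetime(msg["Date"])
    if sent.hour >= 16 or sent.weekday() == 4:
        hits.append("end_of_day_or_pre_weekend")
    # Deal or payment language in a message with no link and no attachment,
    # i.e. nothing for an antivirus or URL filter to inspect.
    parts = list(msg.walk())
    text = " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain").lower()
    has_file = any(p.get_filename() for p in parts)
    term_count = sum(term in text for term in DEAL_TERMS)
    if term_count >= 2 and "http" not in text and not has_file:
        hits.append("payment_request_without_payload")
    return hits

# Constructed sample messages.
SUSPICIOUS = "\n".join([
    'From: "Jane Doe" <jane.doe@mail-example.test>',
    "To: finance@example.com",
    "Subject: Confidential",
    "Date: Fri, 03 Jul 2020 16:45:00 +0000",
    "",
    "We are closing an acquisition. I need an urgent wire transfer today.",
])
BENIGN = "\n".join([
    'From: "Jane Doe" <jane.doe@example.com>',
    "To: finance@example.com",
    "Subject: Agenda",
    "Date: Tue, 07 Jul 2020 10:00:00 +0000",
    "",
    "The agenda for tomorrow is at http://intranet.example.com/agenda",
])
```

None of these signals is conclusive on its own; a message that collects several of them is a candidate for out-of-band confirmation of the payment request.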

According to Golovin, hackers have been able to obtain large sums of money through such attacks.

“The U.S. Treasury, for example, assesses the damage from such attacks at $300 million per month. Last year the victims included the municipality of Naples, Florida, with damages of about $700 thousand, the American division of the media corporation Nikkei, which lost about $29 million, and one of the units of the Toyota Group, with a loss of more than $37 million. And here we are talking only about the most prominent and largest cases that received wide publicity,” Gazeta.Ru's source said.

According to Ilyas Kireev, lead promotion manager at Cross Technologies, in the period from 2016 to 2018 business email compromise attacks led to losses of more than $5 billion.

He noted that by 2020 there will be about 20 billion Internet-connected devices, which make it easier for attackers to carry out attacks using ransomware, including business email compromise.

Nikita Durov, CTO of Check Point Software Technologies, confirmed to Gazeta.Ru that BEC attacks are widely used by cybercriminals.

“In December last year, three financial companies approached our colleagues from the incident response service; all of them reported leaks from their accounts and asked for an investigation. Each company transferred large sums to its partners every week. It turned out that the attackers had tried to withdraw 1.1 million pounds to a third-party account. Only 570 thousand pounds of that was recovered. The attackers used precisely a BEC-type attack. Later, the researchers named this group of criminals ‘The Florentine Banker’,” said Durov.