Authorities arrest ‘prominent’ Nigerian BEC threat actor

Remote work has undoubtedly opened up fertile ground for criminals hell-bent on running business email compromise (BEC) scams, so it’s good news that authorities have an operator, from Nigeria, in custody.

As part of a joint initiative called Operation Delilah, the Nigerian police force arrested what they called a “prominent” actor in the SilverTerrier Network who wreaked havoc with businesses globally.

“Following the arrest of 11 BEC actors as part of Operation Falcon II in December 2021, this recent operation is significant because it demonstrates the determination of global law enforcement to hold BEC actors accountable despite temporary setbacks,” according to Palo Alto Networks Unit 42 investigators who provided intelligence to Operation Delilah.

The bad actor left Nigeria in 2021 with the authorities hot on his trail. He tried to return again in March but was stopped. “We have identified more than 240 domains that were registered with aliases for this actor,” Unit 42 researchers wrote in a blog post. “Of that number, more than 50 were used to provide malware command and control. In particular, this actor falsely provided a New York City address associated with a major financial institution when registering his malicious domains.”

Investigators found a connection between this latest BEC player and Onuegbu Ifeanyi Ephraim, Darlington Ndukwu and Onukwubiri Ifeanyi Kingsley, who were arrested in 2021 as part of Operation Falcon II, and noted that he is believed to be linked to other known BEC players.

BEC schemes have been a thorn in the side of organizations around the world, topping the FBI’s Internet Crime Complaint Center (IC3) report for six years in a row. In that time frame, the scams have grown from $360 million to $2.3 billion in 2021.

“While BEC attacks don’t get the daily headlines that ransomware does, they are still a highly profitable cybercrime enterprise,” said Rick Holland, CISO, Vice President of Strategy at Digital Shadows. “The methodical and targeted nature of BEC means that the volume of the attacks is not on the same scale as the extortion; however, the gains are still there.”

The threat of BEC attacks has been exacerbated by the pandemic. “Without being able to walk to someone else’s desk in the office, employees will have a much harder time validating unknown text messages or emails,” said Hank Schless, senior manager of security solutions at Lookout. “People are relying more than ever on their smartphones and tablets to communicate with colleagues while they are out of the office, which presents a number of issues,” including the lack of security tools and protections found for traditional endpoints, he said.

“Mobile devices exist at the intersection of our work and personal lives. Phishing through social media or SMS on the same device you use for work could compromise your work data as much as your personal data,” Schless said.

And it’s harder to identify a spearphishing attack on a mobile device. “Since mobile devices have smaller screens and a simplified user experience, that means you can’t preview link destinations or verify the sender’s identity,” he said. “Many of the red flags that we are trained to detect on desktop computers are almost impossible to see on mobile devices.”

Those security holes have not gone unnoticed by threat actors, who “are using remote work to their advantage to execute larger BEC attacks,” making mobile phishing attacks “the biggest concern for IT and security teams,” Schless said. “Remote workers and the mobile devices they use to stay productive are off limits to the traditional security tools you’ve set up in the office.”

Joseph Carson, chief security scientist and advisory CISO at Delinea, agreed. “At a time when employees continue to work remotely, it’s more difficult than ever to verify with a colleague whether the request is legitimate,” Carson said. “When it appears to be urgent, most people will fall for that scam.”

One of the biggest challenges with BEC incidents “is that you have to provide evidence that your account was actually compromised and that the incident was not just human error,” he said. “With cybercriminals so good at hiding their tracks, it can sometimes be very difficult to gather that evidence.”

And BEC actors can often fly under the radar. “Groups don’t become household names and avoid having big targets on their backs,” Holland said.

Although the gateway to both BEC and ransomware remains a familiar foe, phishing, defenders face an uphill battle. “You can’t stop phishing, which comes from legitimate services, with employee awareness training,” said Patrick Harr, CEO of SlashNext. “At the same time, current defenses are not adjusted to meet these types of attacks.”

Unit 42 investigators praised the collaborative effort that led to the arrest of the Nigerian scammer. “This level of international cooperation (tracking actors as they travel internationally and subsequent apprehension of actors upon return to their home countries) represents a laudable advance in the ability of global law enforcement organizations to combat this type of crime,” the investigators wrote.

But the researchers said the scams are likely to continue to thrive. “BEC attacks will remain viable as long as the support structure that enables them remains intact,” said Sounil Yu, CISO at JupiterOne. “We believe that there are thousands of actors promoting these activities; therefore, a few arrests will not make a considerable difference.”
