Expert Warns About Business Email Compromise Attacks as Law Enforcement Focuses on Ransomware

For the past two years, government agencies, local authorities, and security firms have been investigating ransomware attacks and finding ways to take down ransomware groups.

Despite all of their efforts, the number of cases has continued to grow. Ransomware groups have shown that they do not pick and choose which sector to victimize, hitting everything from small businesses and massive corporations to hospitals and schools.

But the crackdown on ransomware is not without progress. Law enforcement in the United States and governments around the world were able to locate the masterminds of these ransomware groups, with the leader of the notorious Lapsus$ being the biggest fish that they have caught so far.

Because of this development, researchers pointed out that hackers may change tactics if their main hustle isn’t working anymore.

Business Email Compromise Attacks

RSA, a network security company based in Massachusetts, held a conference in San Francisco on May 30 to talk about the recent ransomware attacks.

One of the company’s longtime digital scams researchers, Crane Hassold, warned the attendees that ransomware actors may switch to business email compromise (BEC) attacks, as their main way of scamming victims is now deemed high risk and has become less profitable.

In the US, the Federal Bureau of Investigation (FBI) has found that scammers make a lot more money through BEC scams than they make through ransomware attacks.

According to Wired, what makes the two different is that ransomware attacks are more visible and cause more disruption.

What Happens in BEC?

In business email compromise, the scammers infiltrate a legitimate business email account and use the access to send fake invoices or initiate contract payments to trick victims into transferring money. Because the emails come from a legitimate-looking source, the victims do not suspect them. They send the payment to the cybercriminals, believing it is just a normal payment process to their billers, according to SCMagazine.

Hassold, who was once a digital behavior analyst for the FBI, said that governments all over the world are paying so much attention to ransomware and are taking extra steps to disrupt it that they don’t realize that cyber criminals are now moving forward with a different scam.

Hassold added that this new threat, the BEC, has more sophisticated actors behind it because more money is being made with it.

The BEC attacks reportedly originated in West Africa, according to TechTarget. These types of attacks are less technical and rely more on social engineering, which means they use a compelling narrative that tricks victims into taking immediate action.

However, Hassold points out that a lot of the malware used in ransomware attacks is flexible, which allows scammers to easily assemble the combination of software tools they need to complete their hustle.

Hassold also stated that while ransomware gangs are made up of small teams, BEC actors are organized into a more decentralized group, making it more difficult for law enforcement to target a specific organization or a mastermind.

Just as Russia was unwilling to cooperate with the FBI on ransomware investigations, the Nigerian government is taking too long to develop a strong working relationship with global law enforcement regarding BEC attacks.

But even if Nigeria acknowledges the dangers of BEC, combating it is still a challenge.

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2021 All rights reserved. Do not reproduce without permission.