The report reveals how an emerging threat group employs a multi-phased BEC attack with an M&A theme to steal from multinational enterprises
SAN FRANCISCO–(BUSINESS WIRE)–Abnormal Security, the leading behavioral AI-based email security platform, announced today a new threat report that reveals a number of business email compromise (BEC) attacks linked to a threat group based in Israel—a historically unlikely location for BEC threat actors. The report is based on Abnormal research surrounding more than 350 BEC campaigns from these attackers dating back to February 2021.
Most BEC attacks have historically originated in West Africa, with 74% of all attacks analyzed by Abnormal over the past year based in Nigeria. And while many BEC actors found in other countries are connected to Nigeria, there are no indications that the threat group examined in this report has any direct Nigerian ties—making it a notable outlier in the BEC threat landscape.
The research provides a view into how the Israel-based group executes an attack across two phases, each employing a different persona—one internal and one external. The primary pretext is that the organization is working through the confidential acquisition of another company, and the targeted employee is asked to help with the initial payment required for the merger.
The attackers start by impersonating the targeted employee’s CEO before handing off the correspondence to a second external persona, typically a mergers and acquisitions attorney, whose job it is to coordinate the payment. In some campaigns, once the attack has reached this second stage, the group asks to transition the conversation from email to a voice call via WhatsApp, both to expedite the attack and to minimize the trail of evidence.
Key findings from the report include:
“Ultimately, the motivation here is no different from any other BEC attack: to make money as quickly and as easily as possible,” said Mike Britton, chief information security officer at Abnormal. “What is interesting is that these attackers are based in Israel, which is not a country historically connected to cybercrime, and which has traditionally been a location where cybersecurity innovation is prevalent.”
The research shows how BEC is continuing to spread, and how attackers are employing more sophisticated, multi-phase attack tactics as they set their sights on massively larger sums of money than we’ve seen before. To prevent these attacks, enterprises will need an intelligent cloud email security solution that can precisely detect and block attacks before they reach email inboxes.
The Abnormal platform uses behavioral AI to baseline known-good behavior across employees, vendors, applications, and tenants in the email environment. By understanding what is normal, Abnormal can then detect anomalies and remediate malicious emails in seconds, before employees ever have an opportunity to engage with them. This risk-adaptive approach enables Abnormal to prevent emails sent from attackers like this Israel-based group and others, so organizations can stay safe from evolving email attacks.
To learn more about this Israel-based threat group, download the full report here.
About Abnormal Security
Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.
Contacts
Jade Hill
Director of Communications
media@abnormalsecurity.com
SINGAPORE - Media OutReach Newswire - 28 December 2024 - The inaugural Yuewen Music Festival…
Formulated with 90% naturally-derived ingredients and Dermal Precision Technology to maximise absorption and minimise irritation…
HANOI, VIETNAM - Media OutReach Newswire - 27 December 2024 - The VinFast VF 8…
HANOI, VIETNAM - Media OutReach Newswire - 27 December 2024 - Driven by the vision…
SINGAPORE - Media OutReach Newswire - 27 December 2024 - Black Group Investment Holding Pte…
BANGKOK, THAILAND – Media OutReach Newswire - 27 December 2024 – PTT Oil and Retail…