Date: 2023-02-18



Business email compromise (BEC) attacks involve impersonating executives or business partners in order to persuade the target company to transfer large amounts of cash to bank accounts controlled by the attackers. Successful international versions of this cyberattack typically require a lot of effort and resources. Necessary steps include thoroughly researching the target to make the phishing lure compelling and hiring native speakers to translate the scam into multiple languages. That is all changing as groups offload parts of the process to free online tools.

A report from Abnormal Security released this week identified two BEC groups exhibiting this trend: Midnight Hedgehog and Mandarin Capybara. Both use Google Translate, allowing attackers to instantly craft plausible phishing lures in almost any language.

The report’s researchers also warn that tools such as commercial business marketing services are making it easier than ever for unsophisticated and under-resourced BEC threat groups to succeed. These services are primarily used by sales and marketing departments to identify ‘prospects’, which makes it easy for attackers to track the best targets regardless of location.

This is all bad news for defenders, given that BEC attacks are already profitable, costing $2.4 billion in losses in 2021 alone, and the number of BEC attacks is exploding, according to the FBI Crime Report. Now that some of the cost of running them has been taken away, volumes are likely to increase.

BEC groups expand rapidly with translation and marketing tools

Crane Hassold, director of threat intelligence at Abnormal Security, who authored the report, said Midnight Hedgehog has been around since January 2021 and specializes in impersonating the CEO.

So far, two different phishing emails from this group have been observed, confirmed as translated into 11 languages: Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish and Swedish. Thanks to the effectiveness of Google Translate, the emails do not contain the simple errors that users have been trained to watch for and treat as suspicious.

“We taught users to look for spelling and grammatical errors so we could more accurately identify possible attacks,” the report added. “If these aren’t present, there are fewer alarm bells to warn native speakers that something isn’t right.”

The payments demanded by Midnight Hedgehog ranged from $17,000 to $45,000, according to the report.

A second BEC threat group highlighted in the report, Mandarin Capybara, also sends emails impersonating company executives, but with a twist: the group contacts the payroll department and requests that the impersonated executive's salary be deposited directly into an account the attackers control.

Abnormal Security confirmed that Mandarin Capybara targets companies worldwide using phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish and Swedish. However, companies outside of Europe are also being targeted, with phishing emails targeting European English speakers. Unlike Midnight Hedgehog, which targets non-English-speaking European victims, Mandarin Capybara has been reported in the United States and Australia.

Lowering barriers to BEC entry

By using translation tools to extend campaigns to any language, and online services to identify unique “clues” as to who will fall victim to the next cyberattack, BEC attackers have never found it easier to scale operations across borders and around the world.

“As email marketing and translation tools become more accurate, effective, and accessible, hackers will continue to exploit them to take advantage of fraudulent companies and achieve success,” the report said. “Not only that, but these emails sound legit and rely on behavioral manipulation rather than malware-infected files, so Midnight Hedgehog, Mandarin Capybara, and other BEC groups like them can easily bypass traditional security systems and spam filters.”

Hassold explained to Dark Reading that countering the increasing number and sophistication of BEC attacks takes two approaches.

“As social engineering attacks become more sophisticated and increasingly difficult to distinguish from legitimate emails, it becomes even more important to prevent them from reaching their destination,” he said. “Security awareness training certainly plays a role in defending against phishing attacks, but the best way to prevent employees from falling for these attacks is to avoid them in the first place.”

In other words, implementing behavior-based machine learning and AI tools and tuning them to detect anything other than “normal” behavior is key to thwarting this newly enhanced version of the international BEC attack, the report says.

