Security researchers have warned of a new Business Email Compromise (BEC) group that has used a fairly simple technique to target hundreds of victims with great success over the past two years.
Dubbed “Firebrick Ostrich” by Abnormal Security, the group has been responsible for at least 347 campaigns since April 2021. The number of successful campaigns is unknown, but the vendor describes its hit rate as “massive.”
The group uses open source research, including trawling government websites for information on existing contracts and vendors, as well as the total number of vendors.
“While this information is usually limited, it at least gives the attacker a small piece of information that can be exploited in an attack, namely the fact that there is an existing connection between the two organizations,” Abnormal Security’s Threat Intelligence Director of Operations Crane Hassold said.
Once the attacker gathers this information, they register a domain name that closely resembles the legitimate domain of the impersonated vendor via Namecheap or Google. Because they do not have detailed information about the vendor-customer relationship, BEC emails are usually vague, inquiring about outstanding payments or even requesting updates to vendor payment details.
So far, Firebrick Ostrich has used 212 different maliciously registered domains to impersonate 151 different organizations in various fields, Hassold said.
Most (60%) of the domains were registered on the day the BEC email was sent, which gives corporate threat hunters a useful clue.
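A threat-hunting check built on the two clues above (a sender domain that closely resembles a real vendor's, registered on or near the day the email arrives), as an added example that is not taken from Abnormal Security's report. The vendor list, registration dates, thresholds and function names are constructed assumptions; in practice the registration dates would come from WHOIS/RDAP lookups.

```python
from datetime import date

# Constructed sample data: vendor domains the organization actually pays.
KNOWN_VENDORS = {"acme-supplies.example", "northwind-logistics.example"}

# Constructed registration dates (assumption: normally fetched via WHOIS/RDAP).
REGISTERED = {
    "acme-suppiies.example": date(2023, 1, 30),
    "acme-supplies.example": date(2009, 6, 2),
    "newsletter.example": date(2023, 1, 30),
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def closest_vendor(domain: str, max_dist: int = 2):
    """Return the known vendor this domain imitates, or None.
    An exact match is the legitimate vendor, not a lookalike."""
    if domain in KNOWN_VENDORS:
        return None
    best = min(KNOWN_VENDORS, key=lambda v: edit_distance(domain, v))
    return best if edit_distance(domain, best) <= max_dist else None

def triage(sender: str, received: date, max_age_days: int = 7):
    """Classify one inbound message by sender-domain similarity and domain age."""
    domain = sender.rsplit("@", 1)[-1].lower()
    vendor = closest_vendor(domain)
    if vendor is None:
        return ("ok", None)
    created = REGISTERED.get(domain)
    if created is None:
        return ("review", vendor)  # lookalike, but registration date unknown
    age = (received - created).days
    # Lookalike registered within the window before delivery: highest priority.
    return ("high", vendor) if 0 <= age <= max_age_days else ("review", vendor)
```

The 2-character distance and 7-day window are illustrative starting points to tune against real mail flow, not values from the report.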
Because the group doesn’t have detailed insight into its targets, it can also send emails to a centralized accounts payable email distribution list, which typically reaches all finance employees at the same time.
If even one of them catches the bait, the scammer will send the updated account information for payment.
“What makes this group so unique is that they are very successful without having to compromise accounts or do deep research into vendor-customer relationships,” Hassold concludes.
“By using very obvious social engineering tactics, you can discover everything you need to run a successful BEC campaign without investing significant time and resources in initial research.”