A major Business Email Compromise (BEC) crime group discovered late last year has added a new list of thousands of executives to target in the US and Asia, according to Agari.
The email security provider uncovered the activity of organized crime group “London Blue” back in December, claiming it had used commercial lead-gen services to identify 50,000 executives to target.
The firm’s latest update claimed the group has, since November 2018, “amassed a new targeting database of nearly 8500 financial executives from almost 7800 different companies around the world.”
Although most of the targets are located in the US, as per last time, a recent focus has seen the group gather contact information for and launch BEC campaigns against targets in Hong Kong, Singapore and Malaysia. However, although the employees themselves are working in these countries, the companies are US, European and Australian.
“Another interesting development is the fact that London Blue made a rather dramatic shift in their attack methodology starting in late-February,” explained Agari senior director of threat research, Crane Hassold.
“Rather than simply using a free and temporary email account with an imposter display name to send their BEC emails, a tactic the group has used consistently since 2016, they started spoofing the email address of the target company’s CEO as a way to add a bit more authenticity to their malicious attacks.”
The best way to stop these spoofed emails is to switch on DMARC with the strongest policy (“p=reject”) as default.
London Blue is Nigerian in origin but with collaborators in the UK, US and Europe. It’s highly organized, with members assigned specific functions such as lead generation, assignment of leads, customizing BEC emails, recruitment of money mules, and so on.
The gang was first brought to the attention of Agari when it made the mistake of targeting the firm’s own CFO. Since then, it’s tried its luck against the same exec a second time, in January this year.