London Blue hackers targeting 35,000 CFOs with spear-phishing attacks
4 December 2018
Security researchers have identified a Nigerian hacker group called “London Blue” which has extended its operations into Western Europe and is planning to launch spear-phishing attacks on over 50,000 corporate executives, including 35,000 CFOs at firms based in the U.S., the UK, Spain, the Netherlands, Finland and Mexico.
Earlier this year, the FBI arrested as many as 74 cyber criminals belonging to cyber crime groups based in the United States, Nigeria, Canada, Mauritius, and Poland for carrying out a large number of Business Email Compromise (BEC) attacks on companies across the world.
“The devastating impacts these cases have on victims and victim companies affect not only the individual business but also the global economy. Since the Internet Crime Complaint Center (IC3) began formally keeping track of BEC and its variant, e-mail account compromise (EAC), there has been a loss of over $3.7 billion reported to the IC3,” said the FBI in a press release.
In July, the FBI announced that as many as 38,414 BEC attacks took place between January 2017 and May this year, costing enterprises a total of $7.23 billion (£5.50 billion) in losses. In comparison, companies across the world suffered 40,203 BEC attacks between October 2013 and December 2016, suffering $12.5 billion (£9.52 billion) in losses.
London Blue thriving on BEC attacks
Security firm Agari recently uncovered the rise of another Nigeria-based cyber crime group called London Blue which, the firm noted, focusses on carrying out Business Email Compromise (BEC) attacks on companies located in the United States, Spain, the United Kingdom, Finland, the Netherlands, Mexico and 76 other countries.
According to Agari, London Blue recently extended its base of operations into Western Europe. While two of its primary members are now operating from the UK, seventeen other members are presently located in the United States and Western Europe.
The firm’s research into London Blue’s activities revealed that the group has prepared a list of more than 50,000 corporate executives who it aims to target with spear-phishing attacks in the near future. While around 35,000 of such executives are company CFOs, 2% are executive assistants, and the remainder are other finance leaders.
The targeted executives are working at among the largest multinational corporations, several of the world’s biggest banks, large mortgage companies, and other small and medium companies across the globe, with over half of them being based in the United States.
“London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence (lead generation), sales management (assignment of leads), email marketing (semi-customized BEC attack emails), sales (the con itself, conducted with individual attention to the victim), financial operations (receiving, moving and extracting the funds), and human resources (recruiting and managing money mules),” the firm noted.
“Like a business, London Blue uses commercial data providers to identify potential targets of their BEC campaigns. Most recently, the group has relied on a San Francisco-based company to generate “leads.” Using this service, London Blue is able to collect comprehensive information about targets, including name, company, title, work email address, and personal email address. All of the potential targets London Blue collects information on have financial roles in their respective companies.
“These leads are collated and shared among various members of the group. Notably, much like a sales department targets prospects in specific regions, London Blue focuses on specific states or countries during each of their lead generation runs. Out of the more than 60 distinct lead lists we have identified, more than half of them are finely crafted to collect data on financial targets in nine different U.S. states and seven countries,” it added.
Commenting on the uncovering of London Blue’s terrifying plans of targeting top corporate executives, Corin Imai, senior security advisor at DomainTools, told TEISS News that the revelation should be a serious concern to businesses as BEC fraud can have devastating consequences for the organisation targeted. The amounts of money involved more than often outweigh those associated with the more general phishing scams, which cast a wide net in the hopes of securing multiple payments.
“These scams prey on the high-pressure environments of large corporations, hoping that those responsible for transferring funds will be more concerned with completing the task quickly than by making sure it is an authentic request. CFOs should make efforts to verify any requests that they find unusual– Taking slightly longer to make a transfer is significantly better than unwittingly helping to facilitate a fraudulent transaction,” he added.
According to Javvad Malik, security advocate at AlienVault, educating and making executives aware of these scams is the first step in nipping the problem in the bud as these scams rely on fooling the recipients into making payments. Companies should also take additional measures to implement double authentication for setting up new recipients or making large transactions.