[BreachExchange] BEC Scammer Infects own Device, Exposes their Activity
Destry Winant
destry at riskbasedsecurity.com
Wed Mar 10 10:05:47 EST 2021
https://www.ehackingnews.com/2021/03/bec-scammer-infects-own-device-exposes.html
In some media depictions, criminal and state-backed hackers are
constantly portrayed as cunning and sophisticated, gliding inexorably
toward their most recent information heist. These digital operatives
are, obviously, human and inclined to botches that uncover their
activity. A North Korean man blamed for hacking Sony Pictures
Entertainment in 2014, for instance, mixed his real identity with his
alias in registering online accounts, making it simpler for U.S.
investigators to track him.
The latest illustration of blundering digital behavior happened when a
scammer contaminated their own gadget, offering researchers a
front-row seat to the attacker’s scheme and lessons in how to defend
against it. “This is a big failure in their operational security as it
gives us direct insight into some of the attacker’s tactics and
operation,” said Luke Leal, a researcher at web security firm Sucuri,
which made the discovery.
The assailant was attempting to complete a business email compromise
(BEC), a plan that utilizes spoofed emails to trick individuals into
sending crooks money. BEC tricks are so common they represented $1.7
billion in losses reported to the FBI in 2019 — or half of all
cybercrime losses reported to the authority. To complete the scam, the
scammer required more details on equipment utilized at an anonymous
oil organization to make malevolent emails to the organization's
workers more believable, Leal wrote in a blog post. That implied
planting noxious code on gadgets utilized at the organization to
monitor communications.
Simultaneously, be that as it may, the attacker obviously neglected to
eliminate the malevolent code they put on their own gadget, maybe for
testing purposes, giving Leal's team a window into the attacker’s
machinations and frustrations. Since it was tainted by the malware,
the gadget was sending screenshots back to the control panel the
hacker was utilizing in the scam. The researchers saw emails the
attacker sent to targeted employees and how they spread out payment
demands over various invoices to make the scam more believable.
Another such incident took place in 2016 when a couple of security
researchers uncovered a Nigerian scammer, that they said operated a
new kind of attack called “wire-wire”, this was after a couple of its
individuals unintentionally infected themselves with their own
malware.
More information about the BreachExchange
mailing list