Google Translate Helps BEC Groups Scam Companies in Any Language

Business email compromise (BEC) attacks involve impersonating an executive or business partner in order to convince a corporate target to wire large sums of cash to an attacker-controlled bank account. Mounting a successful international version of this cyberattack typically requires a lot of effort and resources. Necessary steps include researching the target thoroughly enough to make phishing lures convincing and hiring native speakers to translate scams into multiple languages. But that’s all changing as threat groups avail themselves of free, online tools that take some of the legwork out of the process.

A report from Abnormal Security released this week identified two BEC groups that exemplify the trend: Midnight Hedgehog and Mandarin Capybara. Both are leveraging Google Translate, which lets threat actors whip up a plausible phishing lure, in almost any language, in an instant.

Researchers in the report also warned that tools like commercial business marketing services are making it easier than ever for less-sophisticated and less-resourced BEC threat groups to succeed. These services, mostly used by sales and marketing departments to identify “leads,” make it simple to track down the best targets regardless of their region.

It’s all bad news for defenders given that BEC attacks are already lucrative, racking up $2.4 billion in losses in 2021 alone, according to the FBI’s Crime Report, and the number of BEC attacks continues to explode. Now, with some of the cost being driven out of performing them, volumes are only likely to go up.

BEC Groups Scale Fast With Translation, Marketing Tools

Crane Hassold, Abnormal Security’s director of threat intelligence, who wrote the report, noted that Midnight Hedgehog has been around since January 2021 and specializes in impersonating CEOs.

So far, the firm has observed two distinct phishing emails from the group translated into 11 different languages: Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish. Thanks to Google Translate’s effectiveness, the emails are missing the simple errors users are trained to look out for and view as suspicious.

Image: capybara dressed up in a brown suit. Source: devee via Adobe Stock

“We’ve taught our users to look for spelling mistakes and grammatical errors to better identify when they may have received an attack,” the report added. “When these are not present, there are fewer alarm bells to alert native speakers that something isn’t right.”

Requested payments from Midnight Hedgehog range anywhere from $17,000 to $45,000, the report said.

The second BEC threat group the report highlights, Mandarin Capybara, also sends emails purporting to be from company executives, but with a twist: It contacts payroll to have direct-deposited paychecks sent to an account it controls.

Abnormal Security has observed Mandarin Capybara targeting companies around the globe with phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. It also targets companies outside of Europe with phishing emails aimed at English speakers in the US and Australia, unlike Midnight Hedgehog, which the report said sticks to non-English-speaking victims in Europe.

Lowering the Barriers to BEC Entry

Extending campaigns into any language with translation tools, and using online services to identify “leads” of their own to victimize in their next cyberattack, makes it easier than ever for BEC attackers to scale operations across borders.

“As email marketing and translation tools become more accurate, effective, and accessible, we will continue to see hackers exploiting them to scam companies with increasing success,” the report explained. “Not only that, because these emails sound legitimate and rely on behavioral manipulation instead of malware-infected files, Midnight Hedgehog, Mandarin Capybara, and other similar BEC groups will be able to easily bypass legacy security systems and spam filters.”

The answer to defending against the rising number and increased sophistication of BEC attacks, Hassold explains to Dark Reading, is a two-pronged approach.

“As social engineering attacks become more sophisticated and it becomes more difficult to distinguish them from legitimate emails, it becomes even more important to prevent them from reaching their destination,” he tells Dark Reading. “Security awareness training certainly has a role in defending against phishing attacks, but the best way to prevent employees from falling for these attacks is simply to ensure that they never receive them in the first place.”

That means implementing behavior-based machine learning and AI tools tuned to detect anything outside “normal” behavior will be key to stopping this new supercharged version of international BEC attacks, the report said.
