Information Security News mailing list archives

Looks Like Russian Hackers Are on an Email Scam Spree


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Jul 2020 13:22:13 +0000 (UTC)

https://www.wired.com/story/russian-hackers-email-scams/

By Lily Hay Newman
Security
Wired.com
July 7, 2020

FOR YEARS, COSTLY email grifts have largely been the province of West African scammers, particularly those based in Nigeria. A newly discovered "business email compromise" campaign, though, appears to come from a criminal group in a part of the world better known for a different brand of online mayhem: Russia.

Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hustles. The researchers, who have worked extensively on tracking Nigerian BEC scammers, say they don't have a clear sense of how often Cosmic Lynx actually succeeds at obtaining a payout. Given that the group hasn't lowered its asks in a year, though, and has been prolific about developing new campaigns—including some compelling Covid-19–related scams—Agari reasons that Cosmic Lynx must be raking in a fair amount of money.

"Most Eastern European and Russian hackers have been so entrenched in malware campaigns and technically sophisticated infrastructure that, as long as there are returns, they don't need to adapt," says Crane Hassold, senior director of threat research at Agari and a former digital behavior analyst for the Federal Bureau of Investigation. "But defenses against technically sophisticated attacks have gotten significantly better, and they're realizing that the return on investment for these social-engineering-based attacks is much higher."

West African scammers typically run their BEC campaigns off of rented or free cloud infrastructure using free email accounts. They have increasingly branched out into utilizing off-the-shelf hacking tools like keyloggers and even backdoors into targets' systems, but malware has typically not played a major role. Overhead is much lower when you don't need to develop and maintain your own infrastructure and software. This may have been a selling point for Cosmic Lynx, which combines some of the technical chops of a Russian criminal hacking group with the cost savings of a classic, low-tech BEC attack.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/