Information Security News mailing list archives
Looks Like Russian Hackers Are on an Email Scam Spree
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Jul 2020 13:22:13 +0000 (UTC)
https://www.wired.com/story/russian-hackers-email-scams/

By Lily Hay Newman
Security
Wired.com
July 7, 2020

FOR YEARS, COSTLY email grifts have largely been the provenance of West African scammers, particularly those based in Nigeria. A newly discovered "business email compromise" campaign, though, appears to come from a criminal group in a part of the world better known for a different brand of online mayhem: Russia.
Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hustles. The researchers, who have worked extensively on tracking Nigerian BEC scammers, say they don't have a clear sense of how often Cosmic Lynx actually succeeds at obtaining a payout. Given that the group hasn't lowered its asks in a year, though, and has been prolific about developing new campaigns—including some compelling Covid-19–related scams—Agari reasons that Cosmic Lynx must be raking in a fair amount of money.
"Most Eastern European and Russian hackers have been so entrenched in malware campaigns and technically sophisticated infrastructure that, as long as there are returns, they don’t need to adapt," says Crane Hassold, senior director of threat research at Agari and a former digital behavior analyst for the Federal Bureau of Investigation. "But defenses against technically sophisticated attacks have gotten significantly better, and they're realizing that the return on investment for these social-engineering-based attacks is much higher."
West African scammers typically run their BEC campaigns off of rented or free cloud infrastructure using free email accounts. They have increasingly branched out into utilizing off-the-shelf hacking tools like keyloggers and even backdoors into targets' systems, but malware has typically not played a major role. Overhead is much lower when you don't need to develop and maintain your own infrastructure and software. This may have been a selling point for Cosmic Lynx, which combines some of the technical chops of a Russian criminal hacking group with the cost savings of a classic, low-tech BEC attack.
[...]