Over the past three months, there has been an increase in targeted attacks on Russian companies via email
During May-July 2021 Kaspersky Lab prevented more than 100 targeted BEC (Business Email Compromise) attacks against Russian companies. Alexey Marchenko, head of the content filtering methods development department, stressed that such cases have become more frequent lately. The trend was confirmed by market participants, as well as other organizations that specialize in cybersecurity.
The attacks targeted companies in the airline, industry, retail, IT and delivery sectors. According to Mr. Marchenko, most often the victims are employees who have access to finances and important documents. He stressed that attacks are usually prepared from several weeks to several months and can lead to multimillion-dollar damage to the organization.
"Often, attackers use hacked employee accounts or addresses that are visually similar to the company's official mail but differ by few characters to conduct BEC attacks. Usually, attackers are well aware of the structure of the company and its processes, and also know how to use social engineering techniques. Some of these attacks become possible due to the fact that criminals easily find the names and positions of employees, their location, vacation dates and contact lists in the public domain," the specialist explained.
BEC attacks begin with correspondence with an employee of the company in order to gain his trust. Then he is persuaded to do a number of actions that will eventually damage the business. For example, transfer money to a counterparty's false account or provide confidential documents to a fake lawyer.
Data leaks that cybercriminals use for BEC attacks occur both through negligence and through deliberate information leakage. In addition, for such attacks, an employee can specially get a job in an organization with the task of obtaining the necessary data, then about a month is enough for preparation BEC attack.
Experts note that BEC attacks require minimal assets. Most of the tools for them can be purchased on the darknet, and domain names and mailboxes can be created using free services.
