These devious cybercriminals impersonate law firms to steal your data
Date:
Fri, 04 Nov 2022 11:03:52 +0000
Description:
Blind BEC attacks by Crimson Kingsnake impersonate a number of high profile law firms.
FULL STORY ======================================================================
Cybersecurity researchers have spotted crooks impersonating major law firm powerhouses to try and trick people into making payments for bogus work.
Experts from Abnormal Security uncovered a brand new Business Email
Compromise (BEC) attack, conducted by a threat actor dubbed Crimson
Kingsnake.
In the attack, the threat actors would send out an email , pretending to be one of a number of large American law firms, requesting payment for work that was allegedly done months ago. Talking to themselves
The targets are most likely chosen at random, in what researchers describe as blind BEC attacks - so in other words, the attackers would cast a wide net
and see what sticks.
The email itself is quite meticulously crafted, using big names such as Kirkland & Ellis, Sullivan & Cromwell, and Deloitte. Obviously, its typosquatted (the email address is almost identical to the authentic email belonging to the impersonated law firm, but not quite identical), but the
body holds all the right logos and letterheads. Its also punctual, which is not a feature we usually see in BEC and phishing attacks.
It gets even more interesting when the victim challenges the attacker. Should they question the work, the payment, or anything else of the sorts, the attackers would add in a third persona, a fake executive from the target
firm, who would then confirm the authenticity of the request, and approve the payment.
"When the group meets resistance from a targeted employee, Crimson Kingsnake occasionally adapts their tactics to impersonate a second persona: an executive at the targeted company," the report reads. Read more
The many moving parts of business email compromise
Your boss isn't really emailing you - it's a scam
Here are the best firewalls around
When a Crimson Kingsnake actor is questioned about the purpose of an invoice payment, we've observed instances where the attacker sends a new email with a display name mimicking a company executive. In this email, the actor
clarifies the purpose of the invoice, often referencing something that supposedly happened several months before, and authorizes the employee to proceed with the payment."
Despite everyones best efforts, phishing emails and business email compromise attacks are still one of the most popular ways for cybercriminals to conduct their raids. Employees on the receiving end of these emails are often reckless, overworked, or distracted, doing things they wouldnt normally do, including making wire transfers, downloading attachments, signing into services through links provided in the email, etc. Check out the best
endpoint protection services right now
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/these-devious-cybercriminals-impersonate-law-fi rms-to-steal-your-data/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)