Microsoft Vulnerability Exploited for BEC

Earlier this year, we reported on the large-scale breach of Microsoft Exchange Servers.

At the time we warned that this would likely result in a spike in Business Email Compromise attacks. Now, we are seeing that warning become reality.

Cyber security researchers are observing attackers gaining access to vulnerable Microsoft Exchange Servers and creating secret mailboxes. These mailboxes are being deliberately hidden from the address list to evade detection.

The mailboxes are created with high privileges, meaning whoever controls them has a high degree of access to sensitive data and permission to access other accounts. Attackers are using these mailboxes to log in via webmail in order to browse and steal data, and to launch Business Email Compromise (BEC) attacks against third-party organisations. Such attacks are extremely difficult to detect.
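For administrators of on-premises Exchange, the two traits described above (hidden from the address list, high privileges) can be checked directly. The following is an added example, not part of the original report: it lists every hidden mailbox with its creation date and any admin roles it holds, and the 180-day window in `$LookbackDays` is an assumed triage value.

```powershell
# Added example: run in the Exchange Management Shell (on-premises Exchange).
# $LookbackDays is an assumed triage window, not a value from the article.
$LookbackDays = 180
$cutoff = (Get-Date).AddDays(-$LookbackDays)

# Mailboxes hidden from the address lists. Legitimate hits are expected
# (discovery, shared or resource mailboxes), so compare with your own inventory.
$hidden = Get-Mailbox -ResultSize Unlimited -Filter 'HiddenFromAddressListsEnabled -eq $true'

$report = foreach ($mbx in $hidden) {
    # Admin roles held directly or through role groups. The default end-user
    # role assignment policy that every mailbox carries is filtered out.
    $roles = Get-ManagementRoleAssignment -RoleAssignee $mbx.DistinguishedName -ErrorAction SilentlyContinue |
        Where-Object { $_.RoleAssigneeType -ne 'RoleAssignmentPolicy' } |
        ForEach-Object { $_.Role.ToString() } |
        Sort-Object -Unique

    [pscustomobject]@{
        Mailbox       = $mbx.PrimarySmtpAddress
        Type          = $mbx.RecipientTypeDetails
        WhenCreated   = $mbx.WhenCreated
        RecentlyAdded = $mbx.WhenCreated -ge $cutoff
        AdminRoles    = ($roles -join '; ')
    }
}

# Hidden mailboxes that also hold admin roles are listed first, newest first.
$report |
    Sort-Object @{ Expression = { [bool]$_.AdminRoles }; Descending = $true },
                @{ Expression = 'WhenCreated'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Any row with both `RecentlyAdded` set to True and a non-empty `AdminRoles` column that nobody in IT can account for warrants investigation, including a review of webmail sign-ins for that mailbox.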

This is particularly concerning as your organisation may be subjected to a BEC attack through no fault of your own. Even if your systems are fully patched and secure, all it takes is one vulnerable supplier to be using a compromised Microsoft Exchange Server, and you could become a BEC target.

That’s why it is essential to have systems in place to protect you from financial losses in the event that one of your suppliers is compromised. Eftsure safeguards your finances by ensuring that outgoing payments are only sent to the intended recipient, and are not redirected to bank accounts controlled by fraudsters.


International Fraud Sting Leads to 1,000 Arrests and $38m Seized

Police in 20 countries arrested 1,003 suspects as part of a sweeping crackdown on digital financial crime. Those arrested include suspected operators of Business Email Compromise (BEC) scams, according to Interpol.

The crackdown also led to the seizure of over 2,350 bank accounts and nearly $US27 million (A$38 million) in allegedly illicit proceeds of crime.

The operation, codenamed HAECHI-II, targeted scammers who were linked in some way to North Korean operators.

This operation was an opportunity for Interpol to test a new system called the Anti-Money Laundering Rapid Response Protocol (ARRP). ARRP connects police departments around the world, enabling them to fast-track requests to block and intercept suspicious financial transfers.

According to Interpol, “Far from the common notion of online fraud as a relatively low-level and low stakes type of criminality, the results of Operation HAECHI-II show that transnational organised crime groups have been using the Internet to extract millions from their victims before funnelling the illicit cash to bank accounts across the globe.”

Increased cooperation between law-enforcement agencies around the world is a positive step. It should help limit the ability of criminals to transfer defrauded funds into overseas bank accounts, whilst helping victims recover at least part of their money.

However, ARRP is not foolproof and there remains no guarantee that stolen funds will be recovered. Preventing fraud is still the best strategy to protect your organisation’s financial assets.


Finance Executive Pleads Guilty in $6 Million Fraud

Insureon, the US-based marketplace for small business insurance, recently discovered it had been defrauded to the tune of $US6 million by its former financial controller, Kevin Mix.

In a shocking case of insider fraud, Mr. Mix had been rerouting funds into his personal bank accounts between October 2018 and June 2020. As controller, Mr. Mix managed the company’s accounting operations, including provisional approval of invoice payments to vendors.

In February 2019, the instances of fraud escalated when an employee who was leaving the company gave Mr. Mix his access token, username and password to the Insureon bank account. Mr. Mix used this access to complete multiple other fraudulent transfers.

The defrauded funds were used to purchase various real estate holdings, a Mercedes GT63C4, two gold bars and diamond jewellery.

From the information publicly available, it would seem Insureon had inadequate segregation of duties in place. Whilst Mr. Mix was authorised to provide provisional approval for the payment of invoices, it is not clear who was responsible for the final approval of the payments.

It is critical to ensure separate individuals provide final approval of outgoing payments in order to avoid such instances of insider fraud.

Furthermore, it is also concerning that the departing employee provided Mr. Mix with their access credentials to the company bank account. All such credentials should be handled with the utmost care in line with the organisation’s Identity and Access Management policies.


New Australian Cyber Crime Centre to Target BEC

The Australian Federal Police (AFP) will establish a new cybercrime coordination centre to clamp down on Business Email Compromise (BEC).

To be known as the Joint Policing Cybercrime Coordination Centre (JPC3), it will be launched in March 2022 and will work with the Australian Cyber Security Centre (ACSC) to investigate cyber criminals.

It will be headed up by assistant AFP commissioner, Justine Gough, who will become the AFP’s first full-time executive dedicated to countering cybercrime.

Gough said the JPC3 will “target at scale those cyber criminals who trick firms using BEC or unleash mass phishing attacks”.

A focused approach to cybercrime, as distinct from cyber security, is an important initiative. It recognises that many cyber criminals are financially motivated and employ a range of tactics to exploit victims, including social engineering. In many cases, cybercrime also makes use of real-world capabilities, such as money mules, to handle the proceeds of crime. A cybercrime centre, such as JPC3, will give law enforcement the ability to join all the dots, both digital and physical, that make up cybercrime.
