In contrast to other forms of financial supply chain compromise, third-party reconnaissance occurs when an attacker knows a relationship between two organizations but has limited or no knowledge about actual outstanding payments. Abnormal Security is today revealing that attackers are finding new ways to use vendor relationships to run BEC attacks, even when they don’t know anything about the relationship between the two parties.
The Abnormal Threat Intel team has identified 300+ BEC campaigns attributable to threat group Firebrick Ostrich dating to April 2021. These campaigns impersonated 100+ different third parties using 200+ malicious registered domains. The group’s use of newly-registered domains highlights how young domains can be used as an effective signal to identify threats. Abnormal Security has seen Firebrick Ostrich target organizations in various industries, including financial services, healthcare, education, hospitality, and retail.
You can read the report here.
Related
This entry was posted on February 1, 2023 at 9:01 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
BEC Threat Group CC’s Impersonated Executives for Convincing Third-Party Reconnaissance Attacks
In contrast to other forms of financial supply chain compromise, third-party reconnaissance occurs when an attacker knows a relationship between two organizations but has limited or no knowledge about actual outstanding payments. Abnormal Security is today revealing that attackers are finding new ways to use vendor relationships to run BEC attacks, even when they don’t know anything about the relationship between the two parties.
The Abnormal Threat Intel team has identified 300+ BEC campaigns attributable to threat group Firebrick Ostrich dating to April 2021. These campaigns impersonated 100+ different third parties using 200+ malicious registered domains. The group’s use of newly-registered domains highlights how young domains can be used as an effective signal to identify threats. Abnormal Security has seen Firebrick Ostrich target organizations in various industries, including financial services, healthcare, education, hospitality, and retail.
You can read the report here.
Share this:
Like this:
Related
This entry was posted on February 1, 2023 at 9:01 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.