Vendor email compromise (VEC), a variation of business email compromise (BEC), is a sophisticated and dangerous email threat that is continuing to grow. VEC attacks are among the most successful social engineering attacks because they exploit the trusted relationships between customers and their vendors.
Abnormal Security has released their latest research that detected a sequence of attacks where a threat actor gained access to five distinct vendor email accounts. The attacker gained access to vendor email accounts of individuals working in accounting and operations roles and sent emails in an attempt to redirect both current and future invoices to a different bank account. Each email contained a PDF attachment with a fabricated payment policy and the updated bank account information. Notably, all of the targeted organizations operate within the critical infrastructure sector, encompassing two healthcare companies, two logistics companies, and one manufacturing company.
The blog is now live here: https://abnormalsecurity.com/blog/vec-attacks-replay-critical-infrastructure
Like this:
Like Loading...
Related
This entry was posted on July 26, 2023 at 11:01 am and is filed under Commentary with tags Abnormal Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Gain Vendor Account Access to Redirect Invoices in Latest VEC Attack
Vendor email compromise (VEC), a variation of business email compromise (BEC), is a sophisticated and dangerous email threat that is continuing to grow. VEC attacks are among the most successful social engineering attacks because they exploit the trusted relationships between customers and their vendors.
Abnormal Security has released their latest research that detected a sequence of attacks where a threat actor gained access to five distinct vendor email accounts. The attacker gained access to vendor email accounts of individuals working in accounting and operations roles and sent emails in an attempt to redirect both current and future invoices to a different bank account. Each email contained a PDF attachment with a fabricated payment policy and the updated bank account information. Notably, all of the targeted organizations operate within the critical infrastructure sector, encompassing two healthcare companies, two logistics companies, and one manufacturing company.
The blog is now live here: https://abnormalsecurity.com/blog/vec-attacks-replay-critical-infrastructure
Share this:
Like this:
Related
This entry was posted on July 26, 2023 at 11:01 am and is filed under Commentary with tags Abnormal Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.