Archive for Abnormal Security

$36M Supply Chain Attack Detected And Stopped By Abnormal Security

Posted in Commentary with tags on March 22, 2023 by itnerd

Abnormal Security has revealed it recently detected and stopped an attempted vendor email compromise (VEC) attack that targeted an enterprise company in the commercial real estate industry that was cc’d on an email containing an invoice for $36 million.

This report details the following:

  • How did threat actors manipulate the target using a VIP from a trusted partner company?
  • What was a red flag in this email that differed from what’s typically expected in an invoice?
  • Why was there little reason for immediate concern about the validity of the wire transfer request?

You can read the report here.

Multilingual BEC Groups Use Auto Translate Tools for Payment Fraud, Payroll Diversion, And Executive Impersonation

Posted in Commentary with tags on February 16, 2023 by itnerd

Abnormal Security has identified two groups using executive impersonation to execute business email compromise (BEC) attacks on companies worldwide. In a new report, the company provides details on Midnight Hedgehog, a group engaging in payment fraud, and Mandarin Capybara, a group performing payroll diversion attacks. The report provides insight into the impact of multilingual BEC attacks and in-depth analysis of the tactics and techniques used by these groups, and offers actionable advice to organizations to defend against multilingual email-based attacks.

These groups use executive impersonation to deceive recipients into making payments for bogus services or changing payroll account details, often posing as a company’s CEO. The report highlights that by leveraging commercial online services and widely available marketing technology, BEC actors can rapidly scale their efforts, maximizing their reach and wreaking havoc across the globe.

You can read the report here.

New Phishing Attacks Pose As Updated HR Policy Announcements In The New Year

Posted in Commentary with tags on January 19, 2023 by itnerd

Crane Hassold, Director of Threat Intelligence at Abnormal Security, is seeing bad actors exploit the transition to the new year by sending out phishing campaigns containing themes of updated human resources (HR) policy announcements to steal employee credentials.

Abnormal Security has looked at campaigns incorporating these themes and has published a report discussing why the content of these phishing attacks could result in a higher success rate and providing recommendations about how organizations can better protect themselves from similar attacks.

  1. The first link-based attack imitated a company HR email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.
  2. The second payload-based phishing attack posed as an announcement from the company HR team about updates to the company’s benefits package and requested the recipient review a supposed updated handbook, which opened a phishing page to steal account credentials.

You can read the full report here.