The IT Nerd

Abnormal Security has revealed it recently detected and stopped an attempted VEC attack that targeted an enterprise company in the commercial real estate industry that was cc’d on an email containing an invoice for $36 million. 

This report details the following:

• How threat actors manipulated the target using a VIP from a trusted partner company?
• What was a red flag in this email that differed from what’s typically expected in an invoice?
• Why was there little reason for immediate concern about the validity of the wire transfer request?

You can read the report here.

Abnormal Security has identified two groups using executive impersonation to execute BEC attacks on companies worldwide. In a new report, the company provides details on Midnight Hedgehog, a group engaging in payment fraud, and Mandarin Capybara, a group performing payroll diversion attacks. This new report provides insight into the impact of multilingual BEC attacks, in-depth analysis of the tactics and techniques used by these groups, and offers actionable advice to organizations to defend against multilingual email-based attacks.

These groups use executive impersonation to deceive recipients into making payments for bogus services or changing payroll account details, often posing as a company’s CEO. The report highlights that by leveraging commercial online services and widely available marketing technology, BEC actors can rapidly scale their efforts, maximizing their reach and wreaking havoc across the globe.

You can read the report here.

Crane Hassold, Director of Threat Intelligence at Abnormal Security, is seeing bad actors exploit the transition to the new year by sending out phishing campaigns containing themes of updated human resources (HR) policy announcements to steal employee credentials.

Abnormal Security has looked at campaigns incorporating these themes, and has published a report discussing why the content of these phishing attacks could result in a higher success rate, and providing recommendations about how organizations can better protect themselves from similar attacks.

1. The first link-based attack imitated a company HR email that announced the release of a new employee handbook, which included a link to a phishing page meant to steal an employee’s name and email credentials.
2. The second payload-based phishing attack posed as an announcement from the company HR team about updates to the company’s benefits package and requested the recipient review a supposed updated handbook, which opened a phishing page to steal account credentials.

You can read the full report here.