A hacker group named “London Blue” is reported to have compiled a list of 35,000 chief financial officers, many working at the world’s biggest banks and mortgage companies. The aim of the list is to target them in a systematic fraud campaign that tricks them into transferring money from the corporate account.
The hacking group is the latest to focus on “business email compromise” campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets – as reported in the FT.
The FBI warned in July that this method, rushing a chief financial officer into transferring money to an unknown account, is on the rise and has cost companies more than $12 billion since 2013, while the number of victims reached 78,617.
Agari has handed its evidence to the US and UK law enforcement agencies. If members of the hacking group are found to be based in the UK and US, it could be easier to prosecute them than in other territories.
Crane Hassold, senior director of threat research at Agari, said it had seen evidence that hackers had been successful in some cases, including observing a “money mule” persuade a bank’s loss prevention unit that a transaction for more than $20,000 was valid.
“It is pure social engineering,” he said, as the attack requires playing with people’s minds, not sophisticated technology. “The reason it is on the rise is because it has been proven to work.”
Agari first discovered the group when it tried to trick the cyber security company’s chief financial officer with a spoof email that purported to be from the chief executive — a practice known as “whaling” because a hacker disguises themselves as one of the biggest fish at the company.
Agari engaged with the attackers to find out more about which bank accounts they were using to take transactions. The company says the London Blue group is based in Nigeria but has extended its operations with 17 potential collaborators in Western Europe and the US.
The group acts like a “modern corporation”, with units carrying out lead generation, financial operations and human resources functions, Agari said. The hackers are using contact lists acquired from two data brokers, usually used by marketers and sales teams, to select their targets.
“London Blue’s effectiveness depends on working with commercial data brokers to assemble lists of target victims around the world. Doing so gives it the attack volume of a mass spam campaign, but with the target-specific customisation of spear-phishing attacks,” the researchers said in a report.
The list of potential victims showed more than half were in the US, with others in the UK, Spain, Finland, the Netherlands and Mexico. Financial services was the number one industry targeted, followed by construction, real estate and healthcare.
The post London Blue hackers attempt massive fraud against Chief Financial Officers appeared first on Payments Cards & Mobile.