fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Interpol Arrests 11 BEC Gang Members Linked to 50,000 Targets

Interpol Arrests 11 BEC Gang Members Linked to 50,000 Targets

In coordination with the Nigerian Police Force, Interpol has arrested 11 individuals suspected of participating in an international BEC (business email compromise) ring.

BEC is a type of attack conducted via email involving the spear-phishing of certain company employees responsible for approving payments to contractors, suppliers, etc.

By impersonating a coworker, a supervisor, or a client/supplier, BEC actors manage to divert payments to their bank accounts, essentially stealing them from the targeted company.

Also Read: Ways to protect HR data and avoid penalties for data breaches

In the latest Interpol operation codenamed ‘Falcon II,’ which unfolded between December 12 and 22, 2021, the police followed leads provided by cyber-intelligence firms Group-IB and Palo Alto Networks’ Unit 42 to arrest suspects in Lagos and Asaba.

Members of the SilverTerrier gang

According to the forensic investigation and the evidence collected so far, Interpol believes that at least some of the arrested individuals belong to the BEC gang known as SilverTerrier (aka TMT).

This is the second blow for the particular group after Interpol arrested more of their members in the context of ‘Falcon I’ back in 2020.

“This preliminary analysis indicates that the suspects’ collective involvement in BEC criminal schemes may be associated with more than 50,000 targets,” details Interpol’s announcement.

“One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop.”

“Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to ‘SilverTerrier’ whenever company transactions were about to be made.”

Photo from the arrest
Photo from the arrest
Source: Interpol

Six actors with history in BEC

According to a report shared with Bleeping Computer by Palo Alto Unit 42, most of the arrested individuals have had a lengthy involvement in or prior convictions for BEC scams.

Also Read: Data Protection Act of Singapore: Validity in the Post-pandemic World

The arrested individuals who were tracked and identified by Unit 42 are:

  • Darlington Ndukwu – active since 2014, using ISRStealer, Keybase, Pony, LokiBot, PredatorPain, ISpySoftware. Registered websites such as “fbigov[.]org”, “annexbanks[.]com”, and “western-union[.]org”. He has targeted security researchers too, and was arrested again during FBI’s ‘WireWire’ 2018 operation.
  • Onuegwu Ifeanyi Ephraim – active since 2014, using Lokibot, PredatorPain, ISRStealer, Pony, NanoCore, AzoRult, ISpySoftware, AgentTesla, Keybase. Registered domains like “us-military-service[.]com” and “pennssylvania[.]com[.]mx”. He sponsored at least 30 BEC actors and was arrested for BEC activities again in 2020. When released in 2021, he immediately returned to scams by registering “covid19-fundservices[.]com”.
  • Oyebade Fisayo – Active since 2015, using ISRStealer, Pony, LuminosityLink, NanoCore, LokiBot, Keybase, Adwind, AgentTesla, PredatorPain, ImminentMonitor. He publicly offered instructions on how to use RATs on Facebook. Registered domains such as “atlanticexpresslogistics[.]com,” and “shipatlanticlogistics.co[.]uk”
  • Kevin Anyanwu – Active since 2015, operating the “hsbctelex[.]net” scam site.
  • Onukwubiri Ifeanyi Kingsley – Active since 2016, using Pony and Lokibot. He was linked to at least 20 fraudulent domains like “qatarairways[.]pw”. Is believed to be a core member of the TMT gang.
  • Kennedy Ikechukwu Afurobi – Active since 2014, using Pony, PredatorPain, Azorult. He is also directly linked to TMT group activities and registered almost a hundred domains that were used for distribution of spear-phishing email.
Onukwubiri Kingsley on social media
Onukwubiri Kingsley on social media
Source: Unit 42

Hiding behind banks

BEC scammers cannot siphon funds in the form of untraceable cryptocurrencies, so the only way for them to hide is by moving the stolen amounts around, attempting to obscure the money trace.

Unfortunately, many banks, especially in countries where weak money laundering regulations apply, insist on protecting their clients’ identities and refuse to revert transactions that were part of payment diversion fraud acts.

However, the international collaboration and information exchange between law enforcement and intelligence agencies worldwide make it increasingly challenging for BEC actors to remain hidden.

How to defend against BEC

When requested to send money or to change to conduct all payments to a new bank, you may pick up the phone and call the supplier/colleague to confirm it.

For this, use the phone number you have confirmed to be valid in past communications and not any new numbers provided in the email.

To protect your email account from takeover, enable multi-factor authentication along with a strong and unique password.

Organizations should also secure their domain from spoofing by registering potential domain typo-squatting candidates and instructing employees not to over-share business information online.

Post updated to add more info shared with Bleeping Computer by Unit 42 on a subset of the arrested individuals.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us