

Agari Identifies First-ever Reported Russian BEC Cybercriminal Ring Targeting Executives in 46 Countries Across Six Continents
Wednesday, July 15, 2020

COVID-19 used as clever ruse; Illicit funds flow through intricate network of Hong Kong shell company money mule accounts

FOSTER CITY, Calif. and LONDON, July 7, 2020 /PRNewswire/ -- Agari, the market share leader in phishing defense solutions for the enterprise, revealed today details of the threat actor group dubbed Cosmic Lynx, the first-ever reported Russian cybercriminal ring to conduct business email compromise (BEC) phishing scams. This is a historic shift to the global email threat landscape and portends new and sophisticated socially-engineered phishing attacks that CISOs around the world must brace for now. Cosmic Lynx was uncovered by the Agari Cyber Intelligence Division (ACID).

"Cosmic Lynx represents the future of organized crime rings that are shifting focus to socially engineered email fraud," said Armen L. Najarian, CMO and Chief Identity Officer, Agari. "The more favorable economics of socially engineered schemes targeting enterprise victims have driven groups like Cosmic Lynx to defocus on the more costly and less lucrative ransomware fraud."

Email fraud originated in West Africa in the form of 419 fraud schemes more than 30 years ago, and today 90 percent of BEC scams still emanate from the region. Meanwhile Russian and Eastern European gangs have historically innovated and perfected technology-based malware heists.

Over the years, however, traditional email-based identity deception schemes have produced greater financial returns relative to highly technical malware attacks. Based on the 2019 FBI IC3 annual report, BEC attacks accounted for $1.7 billion in fraud losses, which made up 40 percent of all cybercrime losses last year. Comparatively, the report documents only $8.9 million in losses attributed to ransomware attacks.

Innovation for Profit
Cosmic Lynx puts a new spin on BEC phishing attacks by fabricating fake merger-and-acquisition scenarios that require a two-fold impersonation scheme involving the target organization's CEO and external legal counsel. The cybercrime group asks target employees, who tend to hold a VP or higher title, to work with "external legal counsel" to coordinate the payments needed to close the purported acquisition. Cosmic Lynx then impersonates the identity of a legitimate attorney typically at UK-based law firms whose job it is to facilitate the transaction. It then moves the stolen funds through money mule accounts in Hong Kong, with secondary accounts located in Hungary, Portugal, and Romania. The group has actively avoided using money mule accounts in the U.S.

These schemes can translate into high-dollar impersonation scams as reflected in a $2.7M request in a recent Cosmic Lynx scheme. By comparison, the average amount requested in traditional executive impersonation BEC attacks is $55,000.

Remarkably only 15 percent of the Fortune 500 have a DMARC record set at an enforcement policy that would stop malicious actors in their tracks -- meaning 85 percent of companies have left their front doors wide open to fraudsters. Cosmic Lynx takes advantage of these lax DMARC controls to spoof the email addresses of impersonated CEOs, making their attacks appear much more authentic, in contrast to the vast majority of BEC attacks that use free webmail accounts or registered domains to send malicious emails.

Exploiting COVID-19
Like many other organized fraud rings, Cosmic Lynx has capitalized on the COVID-19 pandemic. To break the ice with targets, its emails cast an empathetic tone to the global crisis and have adjusted as the crisis has evolved. For example, Cosmic Lynx began using COVID-19 themes as early as March 2020 wishing targets good health and then transitioned to discussing lifting of restrictions and business reopening.

Engagement Synopsis
Since July 2019, the Agari Cyber Intelligence Division has observed more than 200 BEC campaigns associated with Cosmic Lynx targeting professionals in 46 countries across six continents. Unlike most BEC groups, which are relatively target agnostic, Cosmic Lynx has a well-defined victim profile of large, multinational organizations. Nearly all Cosmic Lynx target organizations have a significant global presence, with many Fortune 500 or Global 2000 companies. The target employees of Cosmic Lynx schemes are typically senior-level executives, with 75 percent holding the titles of Vice President, General Manager, or Managing Director.

Related Resources

    --  Download the Cosmic Lynx threat actor dossier here
    --  Get more details in the blog about Cosmic Lynx
    --  Visit the Agari Cyber Intelligence Division website
    --  View all ACID threat actor dossiers
    --  Register for the Cosmic Lynx webinar that will provide full color
        commentary on this cybercriminal organization

About Agari
Agari is the market share leader in phishing defense solutions for the enterprise. Through applied science, the Agari Identity Graph(TM) delivers valuable business context to every email risk decision. Agari ensures outbound email from the enterprise cannot be spoofed, increasing deliverability and preserving brand integrity. It also protects the workforce from devastating inbound BEC, VEC, spearphishing, and account takeover-based attacks, reducing business risk and restoring trust to the inbox. Learn more at agari.com.

About Agari Cyber Intelligence Division
The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research group dedicated to worldwide business email compromise (BEC) investigation. Led by a former FBI intelligence analyst who helped set up the Bureau's Cyber Behavioral Analysis Center, ACID has conducted more than 8,000 active defense engagements with BEC threat actors since May 2019. ACID works closely with law enforcement and other trusted partners to make it more difficult than ever before for cybercriminals to be successful and abate cybercrime activity. Learn more at acid.agari.com.

Media Contact
Jean Creech Avent
Sr. Director, Global Corporate Communications
Agari
+1 843-986-8229
jcreech@agari.com

View original content to download multimedia: http://www.prnewswire.com/news-releases/agari-identifies-first-ever-reported-russian-bec-cybercriminal-ring-targeting-executives-in-46-countries-across-six-continents-301088855.html

SOURCE Agari


