New Cybergang: Silent Starling is taking BEC to the next level by targeting suppliers and going after their customers.
A newly-uncovered business email compromise (BEC) cybergang, dubbed Silent Starling, has found success using a tricky technique to swindle funds from more than 500 organizations worldwide.
The West African cybergang has been using a method that researchers with Agari – who discovered them in late 2018 – call vendor email compromise (VEC) to swindle funds from targets. The researchers told Threatpost they expect VEC to be the largest threat for organizations worldwide over the course of the next 12 to 18 months.
During an attack, Silent Starling will first compromise accounts belonging to employees of suppliers (typically using phishing attacks that purport to be Microsoft OneDrive sign-in pages to steal victims’ email credentials). From there, they will spy on all the victims’ correspondence with customers, and get a sense of customers’ names, top executives, payment amounts and payment dates. Then they target the vendors’ customers using social engineering: they purport to be the owner of the compromised account and ask clients to transfer money to the “supplier”, which is actually a mule account.
“Unlike typical BEC scams designed to defraud a single organization, this type of attack targets entire supply chains, using legitimate employee email accounts to swindle a business’s customers into paying fraudulent invoices,” researchers with Agari said on Wednesday. “Due to its covert nature, the chances companies can effectively protect themselves from [vendor email compromise] scams becomes much more difficult.”
It’s not the first time researchers have seen “vendor email compromise” being used in attacks – but Agari researchers fear that Silent Starling will popularize the tactic for the BEC landscape. Threatpost talked to Agari researchers Crane Hassold and Ronnie Tokazowski about why Silent Starling’s techniques can take the BEC crime market to the next level when it comes to the scope and scale of attacks.