https://www.wired.com/story/russian-hackers-email-scams/
By Lily Hay Newman
Security
Wired.com
July 7, 2020
For years, costly email grifts have largely been the provenance of West
African scammers, particularly those based in Nigeria. A newly discovered
"business email compromise" campaign, though, appears to come from a
criminal group in a part of the world better known for a different brand
of online mayhem: Russia.
Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns
since July 2019, according to researchers from the email security firm
Agari, particularly targeting senior executives at large organizations and
corporations in 46 countries. Cosmic Lynx specializes in topical, tailored
scams related to mergers and acquisitions; the group typically requests
hundreds of thousands or even millions of dollars as part of its hustles.
The researchers, who have worked extensively on tracking Nigerian BEC
scammers, say they don't have a clear sense of how often Cosmic Lynx
actually succeeds at obtaining a payout. Given that the group hasn't
lowered its asks in a year, though, and has been prolific about developing
new campaigns—including some compelling Covid-19–related scams—Agari
reasons that Cosmic Lynx must be raking in a fair amount of money.
"Most Eastern European and Russian hackers have been so entrenched in
malware campaigns and technically sophisticated infrastructure that, as
long as there are returns, they don't need to adapt," says Crane Hassold,
senior director of threat research at Agari and a former digital behavior
analyst for the Federal Bureau of Investigation. "But defenses against
technically sophisticated attacks have gotten significantly better, and
they're realizing that the return on investment for these
social-engineering-based attacks is much higher."
West African scammers typically run their BEC campaigns off of rented or
free cloud infrastructure using free email accounts. They have
increasingly branched out into utilizing off-the-shelf hacking tools like
keyloggers and even backdoors into targets' systems, but malware has
typically not played a major role. Overhead is much lower when you don't
need to develop and maintain your own infrastructure and software. This
may have been a selling point for Cosmic Lynx, which combines some of the
technical chops of a Russian criminal hacking group with the cost savings
of a classic, low-tech BEC attack.
[...]