"BEC Group Uses Open Source Tactics in Hundreds of Attacks"

Security researchers at Abnormal Security have warned of a highly successful new business email compromise (BEC) group that has targeted hundreds of victims in the past two years using fairly unsophisticated techniques. Dubbed "Firebrick Ostrich," the group has been responsible for at least 347 campaigns since April 2021.

The researchers noted that the group relies on open source research, such as trawling through government websites to check information on existing contracts and vendors and the total number of vendors. While this information is usually limited, it at least gives an adversary one small piece of information they can exploit in an attack: the fact that there is an existing connection between the two organizations.

Once the attacker has collected this information, the researchers stated, they register a domain name via Namecheap or Google that looks very similar to the impersonated vendor's legitimate domain. Because they don't have detailed information about the vendor–customer relationship, the BEC email is usually vague, inquiring about an outstanding payment or even requesting an update to the vendor's payment details.

Firebrick Ostrich has thus far impersonated 151 different organizations using 212 different maliciously registered domains across a wide variety of sectors. The researchers noted that most of the domains (60%) were registered on the day the BEC email was sent, which gives corporate threat hunters a useful clue. The group's lack of detailed insight into its targets also means it usually sends emails to centralized accounts payable distribution lists, targeting all finance employees at the same time.

What makes this group fairly unique is that it has seen massive success without needing to compromise accounts or do in-depth research on the vendor–customer relationship. The researchers noted that by using fairly obvious social engineering tactics, the attackers can discover everything they need to run a successful BEC campaign without investing significant time or resources in the initial research.
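The two clues the researchers single out, a sender domain that is a near-miss of a real vendor's domain and a registration date that matches the day the message arrived, together with delivery to a shared accounts payable mailbox, can be turned into a simple triage rule. The script below is an added example written for this page, not code from Abnormal Security or Infosecurity; the vendor names, mailboxes, registration dates and sample messages are constructed, and the `DOMAIN_CREATED` table stands in for a WHOIS or registrar domain-age lookup that a real deployment would query.

```python
"""Triage inbound finance mail for vendor-lookalike senders and freshly registered domains."""
from datetime import date

# Constructed allowlist of legitimate supplier domains (hypothetical names).
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-logistics.example"}

# Constructed stand-in for a WHOIS / domain-age lookup (hypothetical creation dates).
DOMAIN_CREATED = {
    "acme-supplies.example": date(2012, 5, 3),
    "acme-suplies.example": date(2023, 2, 1),
    "northwind-logistics.example": date(2015, 9, 14),
    "northwind-logistic.example": date(2023, 1, 28),
    "partner-corp.example": date(2018, 3, 20),
}

# Local parts of shared finance distribution lists at the receiving organisation (constructed).
SHARED_FINANCE_LISTS = {"ap", "accountspayable", "invoices", "payables"}

# Subject-line terms typical of payment-redirection requests.
PAYMENT_TERMS = ("payment", "remittance", "bank account", "invoice", "wire")

# Constructed sample mail log, one message per line: received date|from|to|subject.
SAMPLE_MAIL = """\
2023-02-01|billing@acme-suplies.example|ap@victim.example|Outstanding payment - updated remittance details
2023-02-01|jane@acme-supplies.example|jane.doe@victim.example|Re: PO 4471 delivery schedule
2023-02-03|ar@northwind-logistic.example|accountspayable@victim.example|Please update our bank account on file
2023-02-03|news@partner-corp.example|jane.doe@victim.example|Quarterly newsletter
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def second_level(domain: str) -> str:
    """Label just left of the TLD; a simplification that ignores multi-part suffixes like co.uk."""
    return domain.split(".")[-2] if "." in domain else domain


def closest_vendor(domain: str):
    """Return (vendor_domain, edit_distance) for the allowlisted vendor whose label is nearest."""
    label = second_level(domain)
    best = min(KNOWN_VENDOR_DOMAINS, key=lambda v: levenshtein(label, second_level(v)))
    return best, levenshtein(label, second_level(best))


def domain_age_days(domain: str, seen_on: date):
    """Days between registration and the message date, or None if the domain age is unknown."""
    created = DOMAIN_CREATED.get(domain)
    return None if created is None else (seen_on - created).days


def score_message(line: str) -> dict:
    """Evaluate one log line and collect the reasons it looks like a vendor-impersonation BEC."""
    seen, sender, rcpt, subject = line.split("|", 3)
    seen_on = date.fromisoformat(seen)
    sender_domain = sender.rsplit("@", 1)[1].lower()
    reasons = []
    lookalike = False
    if sender_domain not in KNOWN_VENDOR_DOMAINS:
        vendor, dist = closest_vendor(sender_domain)
        # Distance 0 means same label under a different TLD; 1-2 covers typo-squats.
        if dist <= 2:
            lookalike = True
            reasons.append(f"lookalike of {vendor} (edit distance {dist})")
    age = domain_age_days(sender_domain, seen_on)
    if age is not None and age <= 7:
        reasons.append(f"sender domain registered {age} day(s) before the message")
    if rcpt.split("@", 1)[0].lower() in SHARED_FINANCE_LISTS:
        reasons.append("sent to a shared finance distribution list")
    if any(term in subject.lower() for term in PAYMENT_TERMS):
        reasons.append("payment or banking language in subject")
    # A lookalike domain plus at least one corroborating signal is enough to hold for review.
    return {"from": sender, "to": rcpt, "reasons": reasons,
            "suspicious": lookalike and len(reasons) >= 2}


def triage(mail_text: str) -> list:
    """Return the scored records for every message that should be held for review."""
    results = [score_message(l) for l in mail_text.splitlines() if l.strip()]
    return [r for r in results if r["suspicious"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE_MAIL):
        print(f"{hit['from']} -> {hit['to']}")
        for reason in hit["reasons"]:
            print("   ", reason)
```

Run against the constructed log, the two typo-squatted senders are held (one registered the same day it was used, the other six days earlier, both aimed at a shared payables mailbox and both talking about payment details), while genuine vendor mail and unrelated newsletters pass. In production the allowlist comes from the vendor master file and the age lookup from a registrar or passive DNS source; the edit-distance threshold and the seven-day window are starting points to tune against your own false-positive rate.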
Infosecurity reports: "BEC Group Uses Open Source Tactics in Hundreds of Attacks"
