"Ransomware Data Theft Epidemic Fueling BEC Attacks"

Security researchers at Accenture have discovered that a surge in corporate data stolen by ransomware gangs is inundating the cybercrime underground with exactly the sort of information fraudsters need to launch convincing business email compromise (BEC) attacks.  The researchers stated that between July 2021 and July 2022, they observed over 4000 corporate and government victims with data posted to leak sites representing the 20 most active groups.  This consists mainly of financial data, personal employee and client information, and communication documentation.  The researchers stated that such information can be used to good effect to help the early social engineering/reconnaissance stages of a BEC attack, which the researchers claim is “the most important and traditionally the most difficult” part of a campaign.  The researchers noted that dedicated leak site data further reduces the likelihood of a target discovering a social engineering ploy by allowing actors to better adhere to internal organizational pathways.  Threat actors can also use the stolen data to improve the timing of their attacks by launching them during acquisitions or vendor contract renewals, while traveling, or when other information is available only through insider knowledge.  The researchers noted that data stolen by ransomware actors might also include invoices, which will help BEC scammers make their money transfer requests look more legitimate.

Infosecurity reports: "Ransomware Data Theft Epidemic Fueling BEC Attacks"