Israeli threat group uses fake company acquisitions in CEO fraud schemes

An Israel-based cybercriminal group has launched more than 350 Business Email Compromise (BEC) campaigns over the past two years, targeting large multinational companies around the world. The group is notable for some of the techniques it uses, such as spoofing email display names and using multiple fake personas in email chains, and for the abnormally large sums of money it attempts to extract from organizations.

“Like most other threat actors that focus on enterprise email compromise, this group is fairly industry agnostic in its targets,” researchers from cloud email security firm Abnormal Security said in a report. “They are targeting multiple industries simultaneously, including manufacturing, financial services, technology, retail, healthcare, energy and media.”

The targeted organizations were headquartered in 15 countries, but because they are multinational corporations, employees in offices in 61 different countries were targeted. The group focuses on large companies because of the pretext it chose to justify the very large transfers it seeks: corporate takeovers. It is not unusual for these multinational companies to acquire smaller companies in various local markets.

CEO impersonation is followed by lawyer impersonation

In many BEC scams, attackers target employees in finance or accounting departments who have access to the organization’s accounts. However, this group targets company executives and other senior leaders.

The first email appears to be from the company’s CEO and informs the recipient that the organization is in the process of acquiring a new company, but that the transaction is being monitored by financial market authorities and must remain confidential until a public announcement is made, to avoid any insider trading.

This initial email seeks to obtain a promise of confidentiality, mentioning that the transaction could fail if information is leaked. It also includes other details, such as that the acquisition will not be handled from headquarters for tax reasons because the acquired company is in another country where the organization is looking to expand its operations. This also helps increase credibility if the target employee is a local executive in a given country rather than someone from headquarters.

Copyright © 2023 IDG Communications, Inc.

Ikaroa, a full stack tech company, is paying close attention to a recent report from Check Point Research which warned of a new campaign involving a threat group that is using fake company acquisitions as part of its CEO fraud schemes. According to the report, the group, which is identified as “Muddy Water” and is based in Israel, appears to be leveraging the takeover of an unsuspecting company’s legitimate web domains, social media accounts and online branding to carry out its schemes.

Using publicly available information, the group identifies potential targets, imitates employees’ emails and messages, performs social engineering and tricks employees into wiring money or disclosing sensitive information. The attack was initially thought to have been limited to only a few countries; however, with recent news that the group is now targeting companies from a range of industries and countries, companies have to be more aware of their cybersecurity and have a proper response plan.

As experts in cybersecurity, Ikaroa urges businesses to stay vigilant about the schemes of cybercriminals and suggests adopting and deploying the latest tools and technologies to protect their systems. Additionally, it is important for businesses to use proper authentication methods for sensitive information and consider implementing virtual private networks and strong passwords. By being proactive and taking the necessary measures, companies can greatly reduce the risk of a successful attack.

By staying informed, increasing security, and heeding the warnings from cybersecurity experts, companies can secure their environments and protect their most valuable data. At Ikaroa, we take pride in helping companies protect themselves from existing and emerging threats and look forward to working with companies in mitigating the effects of cyber-attacks.

