INTERPOL and Nigerian Police bust business email compromise ring, arrest 11

INTERPOL and the Nigerian Federal Police today announced the arrests of 11 business email compromise (BEC) actors in Nigeria as part of an international operation to disrupt and tackle sophisticated BEC cybercrime. Many of the suspects are thought to be members of SilverTerrier, a network known for BEC scams that have impacted thousands of companies globally. The results are the latest example of industry and law enforcement efforts to thwart BEC activity, the most common and costly cyberthreat facing organizations.

Operation focused on technical BEC activity, targeted malware skills and knowledge

According to Unit 42 at Palo Alto Networks, which shared intelligence and resources as part of the operation, the collaborative effort was novel in its approach in that it didn’t target easily identifiable money mules or social media influencers who are typically seen benefiting from these schemes. “Instead, this operation focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes,” Unit 42 wrote in a blog posting. Some of the actors arrested have avoided prosecution for the past half decade due to the complexities of mapping global victims beyond the flow of stolen funds back to the source of malicious network activity, it added.

BEC remains a significant security risk to organizations

While the success of the operation – dubbed Operation Falcon II – is a positive for law enforcement and the cybersecurity sector, it highlights the ongoing risk BEC poses to businesses across the globe. “The BEC threat landscape is extremely active and constantly evolving,” Pete Renals, Unit 42 principal researcher, tells CSO. “As a threat type, it has grown over the years to become the most prevalent and costly form of malicious cyber activity targeting our customers. Additionally, while these attacks rarely result in physical damage to victim organizations, the financial losses associated with these schemes are often equally significant.”

As such, it is imperative that organizations continue to prioritize defenses against email-based cyberattacks through preventative practices. As outlined in Unit 42’s blog, these include:

• Review network security policies, focusing on the types of files that employees can download and open on devices attached to company networks.
• Review mail server configurations, employee mail settings, and connection logs.
• Conduct tailored, regular cyber awareness training for employees.
• Conduct tabletop exercises and rehearsal investigations to determine sources of evidence and establish reporting points of contact for the appropriate authorities.
• Conduct compromise assessments on an annual or more frequent basis to test organizational controls and validate that there is no unauthorized activity occurring in the environment.

“While detecting and preventing BEC schemes should be a top priority for organizations, we also believe that the best cybersecurity approach is one that focuses on tools and capabilities that provide flexible defenses against the entire range (BEC, ransomware, APTs, etc.) of possible threat vectors,” concludes Renals.