Operation Falcon II focused on malware skills and knowledge to track suspects thought to be members of the SilverTerrier BEC network that has harmed thousands of companies globally.

INTERPOL and the Nigerian Federal Police today announced the arrests of 11 business email compromise (BEC) actors in Nigeria as part of an international operation to disrupt and tackle sophisticated BEC cybercrime. Many of the suspects are thought to be members of SilverTerrier, a network known for BEC scams that have impacted thousands of companies globally. The results are the latest example of industry and law enforcement efforts to thwart BEC activity, the most common and costly cyberthreat facing organizations.

Operation focused on technical BEC activity, targeted malware skills and knowledge

According to Unit 42 at Palo Alto Networks, which shared intelligence and resources as part of the operation, the collaborative effort was novel in its approach in that it didn’t target easily identifiable money mules or social media influencers who are typically seen benefiting from these schemes. “Instead, this operation focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes,” Unit 42 wrote in a blog posting. Some of the actors arrested have avoided prosecution for the past half decade due to the complexities of mapping global victims beyond the flow of stolen funds back to the source of malicious network activity, it added.

BEC remains a significant security risk to organizations

While the success of the operation – dubbed Operation Falcon II – is a positive for law enforcement and the cybersecurity sector, it highlights the ongoing risk BEC poses to businesses across the globe. “The BEC threat landscape is extremely active and constantly evolving,” Pete Renals, Unit 42 principal researcher, tells CSO.
“As a threat type, it has grown over the years to become the most prevalent and costly form of malicious cyber activity targeting our customers. Additionally, while these attacks rarely result in physical damage to victim organizations, the financial losses associated with these schemes are often equally significant.”

As such, it is imperative that organizations continue to prioritize defenses against email-based cyberattacks through preventative practices. As outlined in Unit 42’s blog, these include:

- Review network security policies, focusing on the types of files that employees can download and open on devices attached to company networks.
- Review mail server configurations, employee mail settings, and connection logs.
- Conduct tailored, regular cyber awareness training for employees.
- Conduct tabletop exercises and rehearsal investigations to determine sources of evidence and establish reporting points of contact for the appropriate authorities.
- Conduct compromise assessments on an annual or more frequent basis to test organizational controls and validate that there is no unauthorized activity occurring in the environment.

“While detecting and preventing BEC schemes should be a top priority for organizations, we also believe that the best cybersecurity approach is one that focuses on tools and capabilities that provide flexible defenses against the entire range (BEC, ransomware, APTs, etc.) of possible threat vectors,” concludes Renals.