Business Email Compromise (BEC) attacks involve impersonating an executive or business partner to deceive a corporate target into wiring large sums of money to an attacker-controlled bank account. Executing a successful international version of this cyberattack traditionally required significant effort and resources, including researching the target thoroughly to create convincing phishing lures and hiring native speakers to translate scams into multiple languages. However, this is changing as threat groups now have access to free online tools that make the process easier. A recent report from Abnormal Security identified two BEC groups, Midnight Hedgehog and Mandarin Capybara, using Google Translate to create plausible phishing lures in almost any language instantly.
The report’s researchers also cautioned that commercial business marketing services are now making it easier for less sophisticated and less-resourced BEC groups to succeed. These services, primarily utilized by sales and marketing teams to locate potential customers, simplify the process of identifying the best targets regardless of their location.
This is particularly bad news for defenders since BEC attacks are already profitable, resulting in $2.4 billion in losses in 2021 alone, according to the FBI’s Crime Report. Furthermore, the number of BEC attacks is still increasing, and with the cost of executing them being reduced, the volume of these attacks is likely to continue to rise.
BEC Groups Scale Fast With Translation, Marketing Tools
According to Crane Hassold, Abnormal Security’s director of threat intelligence and the author of the report, Midnight Hedgehog, a threat group that specializes in impersonating CEOs, has been in operation since January 2021.
To date, the company has identified two distinct phishing emails from the group, which have been translated into 11 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish. Due to the effectiveness of Google Translate, the emails lack the typical errors that users are trained to identify as suspicious.
According to the report, the company has trained its users to identify phishing attacks by looking for spelling and grammatical errors. However, since groups like Midnight Hedgehog are using Google Translate effectively to generate phishing emails in multiple languages without errors, it becomes harder for native speakers to detect something suspicious.
The report also mentions that Midnight Hedgehog has requested payments ranging from $17,000 to $45,000 from their victims. In contrast, Mandarin Capybara uses a different tactic, targeting payroll departments and asking for direct-deposited paychecks to be sent to an account they control, while impersonating company executives.
Mandarin Capybara has been observed by Abnormal Security targeting companies globally in different languages, including Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. The group also targets companies outside of Europe, sending phishing emails in English to victims in the US and Australia. In contrast, Midnight Hedgehog primarily targets non-English speaking victims in Europe.
Lowering the Barriers to BEC Entry
Cyberattackers conducting business email compromise (BEC) attacks can now easily scale their operations across borders by using translation tools and online services to identify potential victims. This is according to a report by Abnormal Security, which highlights two BEC threat groups: Midnight Hedgehog and Mandarin Capybara. The groups use sophisticated social engineering techniques and emails impersonating CEOs to scam companies out of money. The emails are translated into multiple languages to target victims worldwide, and they rely on behavioral manipulation rather than malware to bypass security systems and spam filters.
To defend against these attacks, the report recommends a two-pronged approach. First, it is important to prevent the phishing emails from reaching their destination by implementing behavioral-based machine learning and AI tools that can detect abnormal behavior. Second, security awareness training can play a role in defending against phishing attacks, but the best way to prevent employees from falling for these attacks is to ensure that they never receive them in the first place. As email marketing and translation tools become more accurate and effective, hackers will continue to exploit them to scam companies with increasing success.
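Because translated lures no longer carry spelling or grammar errors, checks that ignore the message language are more useful than checks on the text. The following is an added example, not code from the report or from Abnormal Security, and it is a simple header heuristic rather than the machine-learning approach the report recommends. The executive roster, corporate domain and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import unicodedata

CORP_DOMAINS = {"example.com"}                    # assumed corporate mail domain
EXECUTIVES = {"anna lindqvist", "jan de vries"}   # assumed executive roster

def _norm(name):
    # Fold case, accents and extra spaces so name variants match the roster.
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(text.lower().split())

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_signals(raw):
    """Return language-independent impersonation signals for one message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # An executive's display name on an address outside the company.
    if _norm(name) in EXECUTIVES and _domain(addr) not in CORP_DOMAINS:
        signals.append("exec_display_name_external_sender")
    # Replies are steered to a different domain than the visible sender.
    if reply and _domain(reply) != _domain(addr):
        signals.append("reply_to_domain_mismatch")
    return signals

# Constructed sample: Swedish payment request using an executive's name.
LURE = (
    "From: Anna Lindqvist <office@example.net>\n"
    "Reply-To: payments@example.org\n"
    "To: finance@example.com\n"
    "Subject: Betalning idag\n\n"
    "Hej, kan du genomfora en betalning idag?\n"
)
# Constructed sample: the same executive writing from the corporate domain.
LEGIT = (
    "From: Anna Lindqvist <anna.lindqvist@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Agenda\n\n"
    "See attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("legit", LEGIT)):
        print(label, bec_signals(raw))
```

Neither check reads the body, so the result is the same whichever of the languages the lure was translated into.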
Author: Becky Bracken, Editor, Dark Reading