Florentine Banker: The Florentine Banker threat group managed to steal 600,000 British pounds from three large financial institutions in Britain and Israel, according to researchers at Checkpoint Security. The Business Email Compromise (BEC) attack began with attackers targeting the CEO, CFO, and other individuals in the organization. The original attack focused on stealing the credentials of these individuals for the attackers to gain access to their email accounts by sending an email with a fake Office 365 message. Once the email accounts were accessed, the threat actors read and analyzed the emails, moving ones that interested them into a folder under their control. After the emails were analyzed, the group began creating lookalike domains for entities which they believed they could impersonate and sent fraudulent emails to trick bank employees into sending wire transfers to bank accounts controlled by money mules working for the attackers.
According to the FBI, BEC attacks account for only 5% of reported cybercrime incidents but makes up almost 50% of financial losses from cybercrime. Monitoring for unusual login attempts into employees’ email accounts and employee training on how to spot a phishing email is an important first step in preventing BEC attacks. If a firm handles money transfers, any transfers that are requested that are not commonly seen should be verified by phone—even if it takes more time for the transfer to be complete, it could save thousands of dollars for an organization.
More information can be found here: https://research.checkpoint.com/2020/ir-case-the-florentine-banker-group/