These devious cybercriminals impersonate law firms to steal your data
Crimson Kingsnake is up to some blind BEC attacks
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurity researchers have spotted crooks impersonating major law firm powerhouses to try and trick people into making payments for bogus work.
Experts from Abnormal Security uncovered a brand new Business Email Compromise (BEC) attack, conducted by a threat actor dubbed Crimson Kingsnake.
In the attack, the threat actors would send out anemail, pretending to be one of a number of large American law firms, requesting payment for work that was allegedly done months ago.
Talking to themselves
The targets are most likely chosen at random, in what researchers describe as “blind BEC attacks” - so in other words, the attackers would cast a wide net and see what sticks.
The email itself is quite meticulously crafted, using big names such as Kirkland & Ellis, Sullivan & Cromwell, and Deloitte. Obviously, it’s typosquatted (the email address is almost identical to the authentic email belonging to the impersonated law firm, but not quite identical), but the body holds all the right logos and letterheads. It’s also punctual, which is not a feature we usually see in BEC andphishingattacks.
It gets even more interesting when the victim challenges the attacker. Should they question the work, the payment, or anything else of the sorts, the attackers would add in a third persona, a fake executive from the target firm, who would then “confirm” the authenticity of the request, and “approve” the payment.
“When the group meets resistance from a targeted employee, Crimson Kingsnake occasionally adapts their tactics to impersonate a second persona: an executive at the targeted company,” the report reads.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The many moving parts of business email compromise>Your boss isn’t really emailing you - it’s a scam>Here are the best firewalls around
“When a Crimson Kingsnake actor is questioned about the purpose of an invoice payment, we’ve observed instances where the attacker sends a new email with a display name mimicking a company executive. In this email, the actor clarifies the purpose of the invoice, often referencing something that supposedly happened several months before, and “authorizes” the employee to proceed with the payment."
Despite everyone’s best efforts, phishing emails and business email compromise attacks are still one of the most popular ways for cybercriminals to conduct their raids. Employees on the receiving end of these emails are often reckless, overworked, or distracted, doing things they wouldn’t normally do, including making wire transfers, downloading attachments, signing into services through links provided in the email, etc.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Windows PCs targeted by new malware hitting a vulnerable driver
Dangerous Android banking malware looks to trick victims with fake money transfers
Apple iMac 24-inch M4 (2024) review: the best, and most colorful, all-in-one computer levels up
