ORLANDO, Fla., Nov. 4, 2019 /PRNewswire/ -- "The City of Ocala, Fla. and Nikkei America made recent announcements that they were victimized in independent BEC attacks, resulting in losses of nearly $750,000 and $29 million, respectfully. These appear to be the latest examples of successful Vendor Email Compromise (VEC) attacks.
"VEC, an attack type coined by Agari, is where the email account of a third-party vendor and/ or supplier gets compromised and the email account is used to send incredibly realistic-looking messages to customers, requesting payment for an existing invoice. This type of attack (VEC) has been on the rise among BEC actors and is extremely difficult to detect. The malign actors compromise the vendor/supplier email and lie in wait, watching messages flow through the email inbox and gaining valuable context. In our recent Silent Starling threat actor dossier, we provided in-depth insight into the inner-workings of the criminal groups that perpetrate these fraudulent schemes.
"The VEC attack chain is separated into three primary components. First, the scammers compromise vendor email accounts using credential-phishing attacks that mimic common enterprise applications, like OneDrive or DocuSign. Second, the attackers set forwarding or redirect rules on the compromised accounts that send copies of all incoming emails to a separate account controlled by the scammers. These emails are harvested for valuable intelligence about a vendor's normal billing practices, to include identifying their customers and obtaining copies of legitimate invoices. Third, using this intelligence, a VEC attacker sends an email to a supplier's customers asking for payment for an invoice that is actually due. Because they're based on actual communication patterns used by the compromised vendor employee, these emails look and feel legitimate. The only difference? The bank account where the payment should be sent has been changed."
Crane Hassold, head of threat research at Agari Cyber Intelligence Division (ACID), will be speaking on this topic tonight at 6:55 p.m./EAST in Theater 7 at the Microsoft Ignite Conference in Orlando.