Stay Hungry. Stay Foolish.

A blog by Leon Oudejans

‘London Blue’ hacker group targets chief financial officers (FT)

7 December 2018


FT title: ‘London Blue’ hacker group targets chief financial officers

FT subtitle: List of 50,000 targets found by cyber security firm Agari

“A hacker group has compiled a list of 35,000 chief financial officers, some working at the world’s biggest banks and mortgage companies, so it can target them with requests to transfer money. 

The “London Blue” hackers are the latest group to focus on “business email compromise” campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets. Most of the rest of the people on the list were in accounting departments. 

The FBI warned in July that this method — of rushing a chief financial officer into transferring money to an unknown account — is on the rise and cost companies more than $12bn since 2013, while the number of victims reached 78,617. 

Agari has handed its evidence to the US and UK law enforcement agencies. If members of the hacking group are found to be based in the UK and US, it could be easier to prosecute them than in other territories. 

Crane Hassold, senior director of threat research at Agari, said it had seen evidence that hackers had been successful in some cases, including observing a “money mule” persuade a bank’s loss prevention unit that a transaction for more than $20,000 was valid. 

“It is pure social engineering,” he said, as the attack requires playing with people’s minds, not sophisticated technology. “The reason it is on the rise is because it has been proven to work.” 

Agari first discovered the group when it tried to trick the cyber security company’s chief financial officer with a spoof email that purported to be from the chief executive — a practice known as “whaling” because a hacker disguises themselves as one of the biggest fish at the company. Agari engaged with the attackers to find out more about which bank accounts they were using to take transactions. 

The company says the London Blue group is based in Nigeria but has extended its operations with 17 potential collaborators in Western Europe and the US. The group acts like a “modern corporation”, with units carrying out lead generation, financial operations and human resources functions, Agari said. 

The hackers are using contact lists acquired from two data brokers, usually used by marketers and sales teams, to select their targets. 

“London Blue’s effectiveness depends on working with commercial data brokers to assemble lists of target victims around the world. Doing so gives it the attack volume of a mass spam campaign, but with the target-specific customisation of spear-phishing attacks,” the researchers said in a report. 

The list of potential victims showed more than half were in the US, with others in the UK, Spain, Finland, the Netherlands and Mexico. Financial services was the number one industry targeted, followed by construction, real estate and healthcare.”


