Vane3alga

Business
Focused
Technology

A business email compromise (BEC) gang has launched more than 350 attacks against organizations in the US, according to researchers at Abnormal Security. The threat actor, which Abnormal Security tracks as “Firebrick Ostrich,” conducts open-source reconnaissance on their targets in order to construct their scam.

“In contrast to other forms of financial supply chain compromise where an attacker has deep insight into a specific vendor/customer relationship, third-party reconnaissance occurs when an attacker knows that there is a relationship between two organizations but has limited or no knowledge about actual outstanding payments,” the researchers write. “In essence, an attacker in these cases has the necessary context to impersonate a vendor but not enough information to be specific in their payment request.”

Cybercriminal Uses Direct Social Engineering

The threat actor then sends the customer organization an invoice posing as the vendor.

“Once an attacker has collected this information, they will then initiate their attack by impersonating the vendor and emailing the customer, inquiring about a potential outstanding payment,” the researchers write. “Because the attacker doesn’t have specific knowledge about an actual overdue invoice, these initial emails tend to be more general requests—rather than containing specific details that might be found in a traditional vendor email compromise attack.”

In addition, the threat actors can ask the victim to change the vendor’s banking information, so that future payments will be sent to the attackers until the vendor notices they haven’t been paid.

“Instead of requesting payment for a current invoice, another tactic that a threat actor might use is to simply request that a vendor’s stored bank account details be updated so any future payments get redirected to the new account,” the researchers explain. “This tactic is a little more stealthy, as the attacker isn’t requesting an immediate payment—the red flag accounts payable specialists are taught to notice. These attackers are playing a longer game, hoping that a simple request now will result in a payment to their redirected account with the next payment.”

Abnormal Security has the story.


Source: KnowBe4

Success Stories

President, Transportation Company

Your technical support team has always been able to handle our needs quickly, efficiently, and patiently. We appreciate your timeliness and the hours you have saved us. It is great to know that we have people at IT360 capable to provide solutions to our problems.

President, Transportation Company

Recent
Technology News

IT 360 News - Digital Independence: What America’s 250th Birthday Teaches Us About Cybersecurity in 2026
Digital Independence: What America’s 250th Birthday Teaches Us About Cybersecurity in 2026

Digital Independence: What America’s 250th Birthday Teaches Us About Cybersecurity in 2026 As the United States celebrates its 250th year of independence this July 4, 2026, there’s a powerful question for modern organizations: What does independence look like in a digital world?  Two hundred fifty years ago, independence meant freedom from external control. Today, it […]

Read more
IT 360 News - Why ‘Working Fine’ Is Silently Holding Your Business Back
Why ‘Working Fine’ Is Silently Holding Your Business Back

Most IT environments don’t fail dramatically. They linger. For many organizations, systems are “working fine” — emails go through, files are accessible, users can log in — so problems don’t feel urgent. But beneath the surface, that fine often comes with hidden costs: slower response times, manual workarounds, duplicated effort, security gaps, and growing dependence […]

Read more