Information Security News mailing list archives

Today is the Day I have Dreaded for the Last 5 Years


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Jul 2020 13:21:23 +0000 (UTC)

https://medium.com/@iHeartMalware/today-is-the-day-i-have-dreaded-for-the-last-5-years-51db99ee38fa

Ronnie T
Jul 7, 2020

September 2015 is when it all started. At the time I was working at PhishMe (now Cofense), and our CFO received a shady looking email, asking if he was busy.

“I have no idea what this is, can you guys take a look at it? Rohyt didn’t send this email.”

Aaron and I started looking at the email to figure out what was going on. At the time emails never needed a response, because malicious emails were just that: malicious, and always contained malware. This one was a little different, as there was no malware to be found. Where’s the macro or link? Where’s the payload? My handle is literally “iHeartMalware”, but there’s no way to infect a user with this. It’s just someone asking fo-AH HA!

The email wanted our CFO to do a wire transfer, but we were still lacking context. Why did they want a wire transfer? Aaron suggested responding to the scammers to see how it played out, and we did. Without missing a beat the scammers responded, sent a bank account, and asked us to transfer money to an account under their control. We published the research, and even referenced the FBI statistics of 2015 from Mr. Brian Krebs himself: 1.2 billion dollars lost to Business Email Scams. OMG, a billion dollars? That’s a lot of money being lost, and we should probably start trying to figure this out.

Current me is looking back at past me:

The more we studied this new thing called business email compromise, the worse it got. We started working with other private companies to try and understand the problem, and that’s when the BEC mailing list was born: Christmas of 2015. Initially we were 100 security professionals and 10 FBI agents, and our goal was just that: to study and begin to understand how this BEC mess worked. Everything was held at the TLP:Red level as a way to ensure that information could be shared freely and securely, and collaboration worked. It worked really well. 110 people, we got this, right? …Right?

3.1 billion.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/