Operation ReWired Arrests 281 and Recovers $118M
Score 1 for the good guys. The FBI’s project Operation ReWired took down a network of hackers using Business Email Compromise attacks to commit fraud. This resulted in the arrests of 281 alleged hackers on charges of wire fraud ($3.7 million recovered). Additionally, these hackers allegedly committed 250,000 cases of identity theft and 10,000 cases of tax fraud. The Operation seized more than $118 million in fraudulent wire transfers that may now be returned! September 2019 was a great month for cybersecurity!
What is Business Email Compromise?
Business Email Compromise (aka: BEC) is when an email account, usually for someone in finance, is broken into. This is often accomplished through a phishing attack that leads to credential theft as outlined in CyberHoot’s recent article titled the Domino Attack. Credentials are stolen when a victim clicks on a fraudulent phishing email link or opens a bogus invoice. Doing this brings the victim to a malicious website that prompts the user to enter their email and password. These emails are often sent by someone your CFO already knows, meaning the sending email address is actually correct and expected. The other finance person’s email has likely been compromised by hackers who are now targeting your CFO.
This compromise results in a hacker entering the CFO’s email account, reading through their financial transactions emails, and redirecting normal wire transfers by inserting fraudulent wiring instructions into the email based conversations. The success of this scam rests exclusively upon both parties never authenticating these wiring instruction changes outside of email. This results in money being wired into hacker accounts that are mostly untraceable. These fraudulently wired funds are rarely recovered.
International Cooperation Leads to Take Down
Operation ReWire was possible through the combined efforts of law enforcement agencies across 10 countries. Together they unraveled a complex network of hackers, phishing attacks, money mules, and money laundering activities. This operation proves international law enforcement cooperation is possible. It also sends a message to hackers that they will be caught. Cyber Al has witnessed smaller scale BEC from social engineering and phishing attacks that will never be recovered (or reported). That’s because the dollar amounts were too small to involve the FBI or internal law enforcement. The worlds Small and Medium-sized Businesses (SMB’)s are on the front lines of BEC fraud! It’s getting worse year after year with a doubling of financial losses in 2018 alone.
An Important Message sent to Hackers
These enormous losses have led the FBI to make BEC fraud a priority for its agency. In June of 2018, the FBI made 74 arrests and seized 2.4 million in a similar BEC take-down. These take-down events and arrests are putting hackers on notice that you can and will be caught.
Who’s at risk to the threat of BEC ?
Verizon security services division puts out an annual Data Breach Incident Report (DBIR) summarizing cybersecurity attack trends which include who is being hacked and how they’re being hacked. BEC is near the top of their list of attacks. More importantly, they note that SMB’s are successfully attacked 15x more often then smaller and larger firms with less than 10 or greater than 100 employees. This puts SMB’s at the greatest risk of targeted BEC attacks. If you’re a small business owner, do not dispair! There are simple measures you can institute at your company to protect yourself.
What should SMB’s do?
Even with the FBI take down of this criminal network, it is a small drop in the bucket of an FBI estimated 3 year $26 Billion in losses. The FBI still recommends to “Implement an awareness and training program” to safeguard your business. Therefore, you need to prepare yourself for these attacks. Fortunately, with Business Email Compromise, preparations are relatively straight-forward. The single best measure you can take is to review and document your Wire Transfer Process. Cyber Al recommends that ALL changes to wiring instructions be confirmed outside of email, preferably via a phone call. Establish accurate wiring instructions with all parties. Do not dial a phone number supplied in a fraudulent email to validate new wiring instructions. That phone number is likely also bogus. Look-up a known good phone number and contact to verify and validate.
Positive Conclusions
This take-down arrested 281 potentially bad actors and recovered over $118 million in fraudulent wires. More importantly, Operation ReWire proves that international law enforcement agencies can work together. It proves that hackers cannot hide behind computer screens in the dark corners of the Internet. This is an important win. Let’s enjoy this win but also validate our business processes to protect ourselves from BEC and wire fraud.
Teach employees about Business Email Compromise and gain access to Wire Transfer Process documents with a free 30-day CyberHoot trial.
Become more Aware to become more secure.