In anticipation of our previous threat monitoring and forensics webinar we asked the Twitterverse what happens after they report a suspicious email. Does it fall into a black hole? Does IT check it out to mitigate potential impact? The results are in, and interestingly a majority of polled respondents simply don’t know what happens to their emails after they report it.
To further our Cyber Security Awareness Month initiative in helping you be #CyberAware, we want to focus on a specific type of phishing tactic that has gained popularity in the last few years: Business Email Compromise, commonly referred to as "BEC." As cybercriminals evolve their attack methodologies, they have learned from their mistakes and BEC is an unfortunate example of how they are circumventing technology defenses and exploiting organizations' greatest vulnerability: employees.
During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign, targeting multiple organizations using a variety of different lures, including invoice lures and shipment confirmation lures. This campaign appears to be originating out of South Africa, utilizing both maliciously registered free domains as well as compromised domains.