Hackers May Make Switch from Ransomware to BEC

We often report here on new malware attacks and mention that it’s a constant back-and-forth, with hackers and law enforcement each changing their methods to better counter the other. With the law pushing back more on ransomware, hackers may turn more toward business email compromise (BEC).

What Is BEC?

Before we can compare business email compromise and ransomware, we need to learn what BEC is. In this hacking method, cybercriminals break into corporate email accounts to issue fake invoices or contracts. The goal is for these emails to look legitimate enough to trick businesses into sending money, thinking it’s just another bill they’re required to pay.

Many BEC attacks originate in Nigeria, West Africa. The methods rely more on trickery than on technology. But why would this method become preferable to ransomware?

Why BEC Could Replace Ransomware

Crane Hassold, the director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI, will present his research on June 6. He’s expected to show the reasons hackers may make the switch from ransomware to BEC, as the former becomes less profitable and riskier.

The FBI has already shown that more money has been made in BEC attacks than with ransomware. Yet, ransomware can be more destructive and cause additional associated losses.

“So much attention is being paid to ransomware, and governments all over the world are taking action to disrupt it, so eventually the return on investment is going to be impacted,” said Hassold.

“And ransomware actors are not going to say, ‘Oh, hey, you got me’ and go away. So it’s possible that you would have this new threat where you have the more sophisticated actors behind ransomware campaigns moving over to the BEC space where all the money is being made.”

Hassold notes that malware used to be more flexible, so hackers could put together the right package to execute the ploy for money. The initial-access process used with malware would carry over well to BEC, as most of that effort is focused on breaking into an email system and being convincing enough to appear real. The more technical aspect of ransomware would make BEC attacks appear more legitimate.

The more noteworthy ransomware teams are mostly small, according to Hassold. BEC actors aren’t as organized, so they can be more difficult to pin down. The Nigerian government has not yet made enough contacts with global law enforcement to fight the BEC attacks.

“You can’t just cut off the head of the snake,” commented Hassold. “If you arrest a dozen or even a few hundred of these actors, you’re still not making much of a dent.”

It could be difficult for hackers to transition from ransomware to BEC. Traditionally, ransomware victims are forced to pay in cryptocurrency, while BEC payments are laundered. Ransomware actors would need to find a way into the money laundering network or create their own. With law enforcement keeping an eye on cryptocurrency, this may not be so easy.

While there does not appear to be a current collaboration between the Nigerian cybercriminals and those in Eastern European countries, Hassold has seen evidence of ransomware actors developing an interest in BEC.

“All of these types of attacks are very serious, and the stakes are very high, so it got me thinking about what things will look like in the future when ransomware eventually gets disrupted,” explained Hassold. “It’s possible that these two threats on opposite sides of the cybercrime spectrum will converge in the future – and we need to be ready for that.”
