Home - Article

Featured Article

July 07, 2020

Russian Cosmic Lynx BEC Gang Marks a Hacker Turning Point


Photo courtesy of the FBI

2020 marks a major year for hackers as they continue to evolve. Earlier this year, we told you Ransomware was becoming Extortionware and then that hackers started an affiliate program allowing hackers to just get the Extortionware malware onto the host’s systems and then receive a percentage of the payout.

Phishing defense company Agari has some seriously alarming news regarding business email compromise where a hacker gets into the company’s email, monitors it and looks for an opportunity to trick someone into wiring money into their account.

Email fraud originated in West Africa in the form of 419 fraud schemes more than 30 years ago, and today 90 percent of BEC scams still emanate from the region. Meanwhile Russian and Eastern European gangs have historically innovated and perfected technology-based malware heists.

Cosmic Lynx puts a new spin on BEC phishing attacks by fabricating fake merger-and-acquisition scenarios that require a two-fold impersonation scheme involving the target organization’s CEO and external legal counsel. The cybercrime group asks target employees, who tend to hold a VP or higher title, to work with “external legal counsel” to coordinate the payments needed to close the purported acquisition. Cosmic Lynx then impersonates the identity of a legitimate attorney typically at UK-based law firms whose job it is to facilitate the transaction. It then moves the stolen funds through money mule accounts in Hong Kong, with secondary accounts located in Hungary, Portugal, and Romania. The group has actively avoided using money mule accounts in the U.S.

The major concern about this group is they are very active, they ask for a lot of money, $100,000 to $1 million and they have few if any grammatical errors in their correspondence.

Researchers say the group is likely based in Russia and as such, it marks a turning point for Russian hackers who used to focus on high-tech scams like ransomware and Extortionware.

This change is a major problem for U.S. and other western corporations as this group seems to be highly professional and expanding.

According to Agari:

Only 15 percent of the Fortune 500 have a DMARC record set at an enforcement policy that would stop malicious actors in their tracks — meaning 85 percent of companies have left their front doors wide open to fraudsters. Cosmic Lynx takes advantage of these lax DMARC controls to spoof the email addresses of impersonated CEOs, making their attacks appear much more authentic, in contrast to the vast majority of BEC attacks that use free webmail accounts or registered domains to send malicious emails.

The bottom line here is hackers continue to evolve and the corporate world seems to be falling increasingly behind. Investing in cybersecurity is part technology and part changing the culture.

It is always best to work with a cybersecurity expert like Apex Technology Services and ask for a cybersecurity assessment, which should be done regularly to ensure systems are as secure as possible.





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!