October 3, 2019 By David Bisson 2 min read

The Silent Starling cybercriminal group is conducting vendor email compromise attacks to target unsuspecting customers.

In its analysis of the group and its three main threat actors, Agari observed Silent Starling conducting vendor email compromise attacks by sending phishing messages to vendors and suppliers. The group used those emails to trick recipients into divulging passwords that would enable the attackers to access the targeted email account. Once in control, Silent Starling set up a forwarding rule so that it would receive copies of all emails sent to that account.

Agari noted that Silent Starling set itself apart from other business email compromise (BEC) groups by waiting, sometimes as long as months, to observe emails exchanged on the compromised account, gather information and formulate a strategy. When they were ready, the criminals used the compromised account to send an invoice to one of the victim vendor’s customers. That message used modified banking details to trick the customer into sending payment to an attacker-controlled bank account.

The Rise (and Fall) of BEC Scammers

The costs associated with BEC scams are at an all-time high. In September 2019, the FBI’s Internet Crime Complaint Center (IC3) revealed that global losses stemming from BEC scams cost approximately 160,000 victims more than $26 billion in damages between June 2016 and July 2019.

It’s no wonder the FBI has stepped up its efforts to bring BEC scammers to justice. One big crackdown came in June 2018 when the Department of Justice arrested 74 alleged fraudsters, including 42 U.S. residents, for targeting hundreds of individuals with BEC scams. Even so, that takedown paled in comparison to Operation reWired, during which the FBI arrested 281 individuals involved with an international BEC scheme.

Help Defend Against Vendor Email Compromise

Security professionals can help defend against vendor email compromise attacks by creating a security awareness program and developing a security culture that’s unique to the organization. Companies should also seek to leverage partnerships and third-party services, including phishing intelligence feeds that integrate with security information and event management (SIEM), to stay on top of the latest email threat campaigns.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today