The Silent Starling cybercriminal group is conducting vendor email compromise attacks to target unsuspecting customers.

In its analysis of the group and its three main threat actors, Agari observed Silent Starling conducting vendor email compromise attacks by sending phishing messages to vendors and suppliers. The group used those emails to trick recipients into divulging passwords that would enable the attackers to access the targeted email account. Once in control, Silent Starling set up a forwarding rule so that it would receive copies of all emails sent to that account.

Agari noted that Silent Starling set itself apart from other business email compromise (BEC) groups by waiting, sometimes as long as months, to observe emails exchanged on the compromised account, gather information and formulate a strategy. When they were ready, the criminals used the compromised account to send an invoice to one of the victim vendor’s customers. That message used modified banking details to trick the customer into sending payment to an attacker-controlled bank account.

The Rise (and Fall) of BEC Scammers

The costs associated with BEC scams are at an all-time high. In September 2019, the FBI’s Internet Crime Complaint Center (IC3) revealed that global losses stemming from BEC scams cost approximately 160,000 victims more than $26 billion in damages between June 2016 and July 2019.

It’s no wonder the FBI has stepped up its efforts to bring BEC scammers to justice. One big crackdown came in June 2018 when the Department of Justice arrested 74 alleged fraudsters, including 42 U.S. residents, for targeting hundreds of individuals with BEC scams. Even so, that takedown paled in comparison to Operation reWired, during which the FBI arrested 281 individuals involved with an international BEC scheme.

Help Defend Against Vendor Email Compromise

Security professionals can help defend against vendor email compromise attacks by creating a security awareness program and developing a security culture that’s unique to the organization. Companies should also seek to leverage partnerships and third-party services, including phishing intelligence feeds that integrate with security information and event management (SIEM), to stay on top of the latest email threat campaigns.

More from

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Abuse of Privilege Enabled Long-Term DIB Organization Hack

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…