October 3, 2019 By David Bisson 2 min read

The Silent Starling cybercriminal group is conducting vendor email compromise attacks to target unsuspecting customers.

In its analysis of the group and its three main threat actors, Agari observed Silent Starling conducting vendor email compromise attacks by sending phishing messages to vendors and suppliers. The group used those emails to trick recipients into divulging passwords that would enable the attackers to access the targeted email account. Once in control, Silent Starling set up a forwarding rule so that it would receive copies of all emails sent to that account.

Agari noted that Silent Starling set itself apart from other business email compromise (BEC) groups by waiting, sometimes as long as months, to observe emails exchanged on the compromised account, gather information and formulate a strategy. When they were ready, the criminals used the compromised account to send an invoice to one of the victim vendor’s customers. That message used modified banking details to trick the customer into sending payment to an attacker-controlled bank account.

The Rise (and Fall) of BEC Scammers

The costs associated with BEC scams are at an all-time high. In September 2019, the FBI’s Internet Crime Complaint Center (IC3) revealed that global losses stemming from BEC scams cost approximately 160,000 victims more than $26 billion in damages between June 2016 and July 2019.

It’s no wonder the FBI has stepped up its efforts to bring BEC scammers to justice. One big crackdown came in June 2018 when the Department of Justice arrested 74 alleged fraudsters, including 42 U.S. residents, for targeting hundreds of individuals with BEC scams. Even so, that takedown paled in comparison to Operation reWired, during which the FBI arrested 281 individuals involved with an international BEC scheme.

Help Defend Against Vendor Email Compromise

Security professionals can help defend against vendor email compromise attacks by creating a security awareness program and developing a security culture that’s unique to the organization. Companies should also seek to leverage partnerships and third-party services, including phishing intelligence feeds that integrate with security information and event management (SIEM), to stay on top of the latest email threat campaigns.

More from

How to calculate your AI-powered cybersecurity’s ROI

4 min read - Imagine this scenario: A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence (AI) that closely mimic the company's internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes.The organization's AI-powered cybersecurity solution, which continuously monitors network traffic and user behavior, detects several anomalies associated with the attack, blocks access to the suspicious domains…

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

The current state of ransomware: Weaponizing disclosure rules and more

4 min read - As we near the end of 2024, ransomware remains a dominant and evolving threat against any organization. Cyber criminals are more sophisticated and creative than ever. They integrate new technologies, leverage geopolitical tensions and even use legal regulations to their advantage.What once seemed like a disruptive but relatively straightforward crime has evolved into a multi-layered, global challenge that continues to threaten businesses and governments alike.Let’s take a look at the state of ransomware today. We’ll focus on how cyber criminals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today