Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Hackers are running a Business Email Compromise Campaign in ASIA, MIDDLE EAST and US to steal money!


According to a well-known security software company Trend Micro, Hackers are running a BEC (Business Email Compromise) Campaign with the help of Olympic Vision keylogger. Hackers are targeting companies of Asia Pacific and Middle East. Security Experts of Trend Micro have also seen some cases in United States too. This is a malware based campaign and hackers are targeting head employees of companies.

Hackers are using malware in a BEC (Business Email Compromise) attack, to hijack the email accounts of victims. If hackers successfully got the access of official’s email accounts, they are able to send emails for financial transactions. Hackers can also steal sensitive data of companies, but in this campaign they are focusing on financial transactions. These attacks have been traced back to Kuala Lumpur and Lagos, security researchers said.

First these type of attacks were called “Man-in-the-E-mail Scam”. It was a bit confusing therefore it was changed to BEC in order to focus on the business angle. In this attack, hackers mostly target that companies which are working with foreign suppliers and doing their transactions through emails. These payments are called, wire transfer payments.


How BEC attacks are happening?

The security researchers of Trend Micro said, “Hackers are targeting head employees of companies by sending them a malicious email. Hackers are sending a keylogger within the email. Once they got access of victim’s account, they tricks other employees, business partners and Suppliers to perform wire transfer payments. Hackers are spreading an “Olympic Vision” named keylogger through the emails. Hackers have targeted key employees of 18 different countries till the day.”

Hackers are sending emails to business partners and suppliers from the compromised email accounts. In emails, they are writing that they there is a problem with your recent bank transfer. By tricking them, hackers are collecting important information related to financial accounts and then they are doing illegal transactions.

Trend Micro published a report,” Hackers are targeting key employees of 18 different companies by sending them “Olympic Vision” keylogger through an email. Actually hackers are running a BEC (Business Email Compromise) campaign in Middle East, Asia and United States. Hackers have high social engineering skills, therefore they are targeting employees with the help of spear phishing. Hackers are spreading info stealing malware to access the wire transfer payements”.

 

A Brief note on “Olympic Vision” Malware

According to the security researchers of Trend Micro, “Olympic Vision is a keylogger and it is not very costly. It is available on Black Market, just for 25 Dollars. It is also not very advanced threat but it have many features due to which it is capable to steal a variety of important information from its target. It has two main functions. First, it records the keystrokes and second it is capable to take screenshots after few seconds in order to steal information” Researchers also said that this is the fourth malware, which we have seen on BEC attacks.

Security Researchers of Trend Micro said that we are tracing the users of “Olympic Vision” keylogger and we have successfully traced the identities of two Nigerian bad actors. One from them was operating this malware from Lagos and the other one was operating from Kuala Lumpur.

BEC (Business Email Compromise) attacks are big threat for the companies. According to a study of FBI, companies had lost over a billion dollars in past two years just because of these attacks. 55 Millon US Dollars theft at FACC is biggest example of BEC attacks.

Read: $55 million stolen by Hackers from FACC Aircraft Company in a BEC attack!

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.