In The Spotlight This Week:
• Forrester: Is paying a ransom all that bad?
• BEC tops the chart as #1 cybercrime trend
• Threat Actor Dossier: Cosmic Lynx & the Rise of Russian BEC
• North Korean Hackers Ramp Up Bank Heists
Conventional wisdom says never to pay a ransom. But hardline conversations about whether to negotiate with cybercriminals take a backseat to reality – we are all responsible to our clients, employees, and other key stakeholders in our organizations. Forrester’s recent report outlines how and why paying ransom can be a valid recovery option based on business needs and circumstances.
BEC is now the top cybercrime trend as scammer groups grow more opportunistic. The average sum that a BEC group will try to extort from a targeted company is now around $80,000 per attack – up from $54,000 in Q1 2020. This rapid increase in cases and average costs comes as no surprise given the current COVID environment – the growing reliance on digital communications combined with an unsecured remote workforce makes many companies easy targets for scammers. Firms should prepare for these and other cyber incidents with an incident response plan and team in place to manage a breach. For more information on BEC scams, read our recent article on BEC prevention and incident management here.
An interesting report highlights the Russian threat actor group Cosmic Lynx using sophisticated tactics: writing emails in French, using flowery language, and labeling its sensitive requests with names like “Project Rubicon.” Its mule account is located in Hong Kong, it takes advantage of DMARC settings to spoof the actual CEO’s email (a flaw used in only 4% of attacks), and it is tied to the distribution of Emotet and Trickbot.
North Korean hackers are tapping into banks around the globe to make fraudulent money transfers and cause ATMs to spit out cash. This report comes from a technical cybersecurity alert jointly written by four different federal agencies – including the Treasury Department and FBI – reporting a resurgence in financially motivated hacking efforts by the North Korean regime this year after a period of inactivity.