Apache Corporation is an oil-production company based in Texas. In 2013, Apache was the victim of a Business Email Compromise (BEC). At the heart of the scheme was a spearphishing email that appeared to come from Apache's vendor Petrofac Limited. Apache’s accounts-payable department received an email from “petrofacltd.com”. Unfortunately for Apache, Petrofac's real domain is "petrofac.com". The criminals created “petrofacltd.com” to deceive Apache's accounting personnel. The deception worked and Apache paid $7 million according to the updated payment instructions received from “petrofacltd.com”. Unremarkably, the real Petrofac complained about not getting paid. An investigation was conducted which revealed the email fraud. While some of the stolen money [...]
The news is full of reports about compromised emails of important public officials and political leaders. While we don't know for sure who is behind the compromise of these emails, all indications are that the Russians are behind this. One of the leading investigators of this problem is Crowdstrike, who waxes poetic about the sophistication and technical prowess of the attackers. What are these bad guys doing that requires the resources of a country? Is this some kind of cyber atomic bomb coming out of a massive cyber Manhattan project? No. Ars Technica shows us exactly what the attackers are doing. They [...]
ThreatConnect has posted an excellent item detailing how somebody (Russia???) is using spearphishing to undermine Bellingcat, an open source research firm that contributed to the MH17 investigation. MH17 is the Malaysian Airlines airliner that someone shot down over the Ukraine on July 17, 2014, killing all 283 passengers and 15 crew on board. If you visit the Bellingcat website you will see why the Russians would not be pleased with its content. Knowing the details of how bad guys use spearphishing emphasizes the need to identify and avoid evil emails.