Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor.
In one case, the attackers compromised a Microsoft 365 account belonging to an individual working at a small non-profit. In another instance, the threat actor targeted executives working in a mid-sized manufacturer’s product development department. In a third case, the attackers targeted an accountant working in a small accounting firm.
“The threat group infrastructure is incredibly active and has accelerated over the last 3 months,” the researchers write. “At the peak, approximately 65% of all attempted BEC cases across Todyl came from this group, with the vast majority being pre-infected and newly onboarded organizations. The attacks targeted everything from very small businesses to mid-market companies across legal, construction, critical infrastructure, defense, health care, non-profit, and many other industries.”
Todyl stresses that the operation is sophisticated and highly organized. The threat actor puts a great deal of effort into launching targeted attacks against smaller entities.
“The sheer volume of hosts is staggering, and managing such a large fleet requires significant capital and automation, pointing to a well-funded and operationally mature group,” the researchers write. “They also leveraged trusted proxy services like Cloudflare to hide their phishing lures and malicious login pages, enabling them to bypass web security gateways and URL filters, further underscoring their advanced capabilities and sophistication.”
The researchers note that BEC attacks are designed to bypass technical security defenses and target the humans behind them directly.
“Business Email Compromise (BEC) continues to evolve into one of the most pervasive and damaging cyber threats in the modern digital landscape,” the researchers write.
“As small and medium businesses enhance their defenses with endpoint security, attackers are adapting, seeking new ways to bypass these barriers. The shift in tactics is stark: rather than rely on traditional malware, threat actors are exploiting human error, trust, and communication channels, focused on services that remain vulnerable.”
Todyl has the story.