Researchers reported that they’ve identified two groups using executive impersonation to launch business email compromise (BEC) attacks in at least 13 different languages.
In a Feb. 16 blog post, Abnormal Security researchers said while attacking targets across various regions and using multiple languages is nothing new, in the past, these attacks were perpetrated mainly by sophisticated organizations with large budgets and advanced resources. Thanks to the proliferation of automated translation tools such as Google Translate, threat actors can more readily translate emails into whatever language they need.
The two groups Abnormal Security identified are Midnight Hedgehog, which traffics in payment fraud, and Mandarin Capybara, a group that executes payroll diversion attacks. The two groups combined have launched BEC campaigns in Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish.
“These attacks demonstrate that BEC is a global issue and not just an English-only phenomenon,” said Crane Hassold, director of threat intelligence at Abnormal Security. “Our findings also show how cybercriminals are always looking to exploit various tools, such as Google Translate, to expand their potential victim population. This is why it’s so important for organizations to protect themselves with inbound defenses that look at potential threats holistically and leverage behavioral analytics to protect employees against these more dynamic, sophisticated threats.”
BECs attacks are one of the fastest-growing and financially destructive cyber threats on record. BEC attacks accounted for more than one-third of all cybercrime losses in 2021, totaling nearly $2.4 billion in damage for the year. And, the FBI estimates there have been more than $43 billion in exposed losses since 2016.
As someone living in Quebec, a French-speaking province in a country where English is more prevalent, I have personally noticed an increase in phishing and BEC using French, said Guillaume Ross, Deputy CISO at JupiterOne.
“Believing you are safer on the internet because you are less of a target than English-speaking internet users is wrong, and becoming more wrong,” said Ross. “The same is true for organizations serving a large percentage of customers in other languages. As with many tools that democratize access to consuming or producing content, it’s impossible to reap the benefits without the potential negatives that come with them.”
Patrick Harr, chief executive officer at SlashNext, added that BECs have always been perpetrated globally in multiple languages.
“Therefore, it’s extremely critical to have technology that can detect BEC attacks in multiple languages that not only leverages relationship graph technology, but generative AI to understand relationship abnormalities and predict the intent of these specialized attacks,” said Harr.
