Interpol's Massive Operation Delilah Nabs BEC Bigwig

Published: 23/11/2024   Category: security


A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.



Business email compromise (BEC) attacks have caused billions of dollars in losses to businesses globally in recent years — but now international law-enforcement has notched up another victory in the battle against them.
Interpol on Wednesday announced that Operation Delilah has resulted in Nigerian police arresting the suspected head of SilverTerrier, aka TMT, which is a massive BEC operation that has been active since at least 2015, impacting thousands of businesses and individuals across four continents. The 37-year-old Nigerian man, whom Interpol did not name, was apprehended at the Murtala Muhammed International Airport in Lagos as he attempted to re-enter the country after fleeing ahead of the police in 2021.
The arrest marks the culmination of a year-long investigative effort that was led by Interpol's Africa desk and involved law-enforcement agencies from multiple countries. Three security vendors — Palo Alto Networks, Group-IB, and Trend Micro — also supported the effort by providing information on the BEC effort and its operators to the investigating entities. Interpol also flagged CyberTOOLBELT as providing ad hoc support to the investigative effort.
The latest arrest brings to 15 the total number of individuals who have been arrested in recent years for their alleged involvement in BEC scams out of Nigeria — a hotbed of activity for this type of threat for years. In January, Nigeria's police, acting on information from Interpol, arrested 11 individuals for allegedly defrauding or attempting to defraud some 50,000 organizations worldwide via BEC scams. Six of the individuals were identified as belonging to SilverTerrier. At the time of the January arrests, law enforcement authorities recovered one laptop that contained a staggering 800,000 usernames and passwords that appeared to belong to victim organizations.
That 10-day operation was code-named Falcon II; it was preceded by another in November 2020 dubbed Falcon I, when three alleged SilverTerrier members were arrested for their involvement in BEC scams that compromised 500,000 organizations worldwide.
Pete Renals, principal researcher for Unit 42 at Palo Alto Networks, says researchers from the company have been tracking the Nigerian individual who was arrested recently since at least 2017. He notes that while this person is suspected to be a ringleader, it's hard to say what exactly the individual's role was within SilverTerrier because of the sheer number of people who are part of the group and the amorphous nature of their malicious activities.
"It is difficult to draw boundaries around subgroups or affix certain roles to actors, as these groups are often time-bound, fluid in organization, and the individual role of a specific actor usually evolves over time," Renals says.
That said, Unit 42's research shows that the arrested individual likely owned the infrastructure that served as the command-and-control (C2) for malware such as ISRStealer, a keystroke logging tool; Pony, a password stealer; and the LokiBot information stealer, Renals notes.
The security vendor says it also identified more than 240 domains that the threat actor had registered under various aliases. Fifty of those domains were used as C2 infrastructure for malware the threat actors used in their BEC campaigns. 
Significantly, the arrested individual provided a street address that belonged to a major US financial institution in NY when registering the domains, Palo Alto Networks said. The same individual also shared social-media connections with at least three of the BEC operators who were previously arrested as part of Operation Falcon II.
The string of arrests since late 2020 has highlighted the growing ability of international law enforcement authorities, cybersecurity vendors, and other stakeholders to work together in tracking down major BEC operators. Even so, BEC remains a major cyberscourge to organizations worldwide. 
According to statistics maintained by the FBI, BEC attacks caused a staggering $43 billion in actual and attempted losses worldwide between June 2016 and last December. In that time frame, there were some 241,200 BEC incidents involving victims in all 50 US states and 177 countries. Approximately 116,400 individuals and organizations in the US reported being targeted by a BEC scam during that period, causing over $14.7 billion in losses.
Renals says the sheer scope of BEC activity has made it challenging to stop. "The BEC threat landscape is extremely active and constantly evolving," he says. "As a threat type, it has grown over the years to become the most prevalent and costly form of malicious cyber activity targeting our organizations."
While Nigeria has been the center of BEC activity in recent years, there have been similar scams originating from other countries as well, he says. "We also see BEC schemes originate from Malaysia and India, and we see facilitation of BEC schemes in most developed nations to include money mules laundering the money from the attacks," Renals says.
