BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.

Business email compromise (BEC) attacks continue to be a thorn in companies’ sides: the FBI’s annual IC3 cybercrime report says the attacks cost victims $1.7 billion in 2019.

Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitalize on existing victims. For instance, a cybercriminal gang that researchers call “Exaggerated Lion” has been making use of G Suite and extremely long domain names to swindle millions of dollars out of its victims.

Crane Hassold, senior director of research with Agari, talks to Threatpost at RSA 2020 about how BEC scams are becoming more dangerous and trickier to detect.


Discussion

  • Curt K on

    Hi. Interesting article, I learnt a new term - BEC. However, I would argue that the use of the term "exploits G Suite" in the headline suggests that G Suite is exploited/vulnerable, but it rather sounds like G Suite, along with long domain names, is part of their toolkit?
  • Domain Guy on

    I kind of agree with Curt here. Also, I think this has a negative impact on the entire community of domain investors. Topics like these come up time and again on NamePros and other places as well. I believe this is something that the registrars can take care of, by curbing it as soon as something is reported. Also, some registrars have altogether stopped the registration of COVID names. But this is a temporary solution to a permanent problem.
