BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.

Business email compromise (BEC) attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019.

Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitalize on existing victims. For instance, a cybercriminal gang that researchers call “Exaggerated Lion” has been making use of G Suite and extremely long domain names to swindle millions of dollars out of its victims.

Crane Hassold, senior director of research with Agari, talks to Threatpost at RSA 2020 about how BEC scams are becoming more dangerous and trickier to detect.


Discussion

  • Curt K on

    Hi, interesting article, I learnt a new term - BEC. However, I would argue that the use of the term "exploits G Suite" in the headline suggests that G Suite is exploited/vulnerable, but it rather sounds like G Suite, along with long domain names, is part of their toolkit?
  • Domain Guy on

    I kind of agree with Curt here. Also, I think this has a negative impact on the entire community of domain investors. Topics like these come up time and again on NamePros and other places as well. I believe this is something that the registrars can take care of, by curbing it as soon as something is reported. Also, some registrars have altogether stopped the registration of COVID names. But this is a temporary solution to a permanent problem.
