Why target an individual when you can go after more lucrative targets like large MNCs and achieve greater rewards? This is what the Russian cybercriminal group called ‘Cosmic Lynx’ is doing right now! This group of cybercriminals has been launching numerous Business Email Compromise (BEC) attacks targeting several MNCs, especially those listed in the Fortune 500 or Global 2000!
Who is Cosmic Lynx?
Cosmic Lynx is a sophisticated cybercriminal group that has launched around 200 BEC campaigns targeting large MNCs worldwide. They have been active since 2019, wreaking havoc specifically in 46 countries across six continents. The group impersonates C-level executives of companies that are listed in the Fortune 500 or Global 2000 to trick the employees.
Cosmic Lynx is well prepared to carry out several BEC attacks. The cybercriminal group has acquired numerous domains that imitate popular and secure email infrastructures or networks. They have registered several domains with NiceVPS, which is popularly known for its bulletproof hosting and anonymity in domain services.
What is a BEC Attack?
According to HelpNet Security, over the course of one year between June 2020 and May 2021, 71% of organizations reported cyber attacks.
A business email compromise is a type of email-based attack that incorporates the concepts of spoofing, spear phishing, impersonation, etc. The BEC attack is carried out by targeting an employee or an individual by impersonating another authentic individual or organization. The cybercriminals manipulate the target victim into making financial transactions or sharing crucial information. Among all the cyber threats, the BEC attacks are the most infamous for incurring immense financial damage to organizations.
How Did Cosmic Lynx Carry Out BEC Attacks?
According to an article from Computer Weekly, Cosmic Lynx’s method of targeting the victim involves a dual impersonation scheme. The first is to impersonate a CEO of an organization and pretend to expand the business operations in Asia. They reach out to the target employee to approach external legal counsel for the acquisition payments.
Then they impersonate a legitimate U.K.-based law firm lawyer to facilitate the transaction. In order to receive the stolen funds, they use Hong Kong-based mule accounts, but sometimes they also work with others from countries like Portugal, Hungary, and Romania. On average, they receive $55,000 in US currency. However, they demand hundreds of thousands, if not millions, of dollars from the target.
How to Prevent BEC Attacks?
According to the article by HelpNet Security, 50% of all BEC attacks are carried out by spoofing the identity of an individual. Among these spoofed emails, 68% use the name of the company, 66% use the target’s name, and 53% use the name of the target’s managers.
It becomes alarming when cybercriminals bypass a security system to steal an organization’s valuable information and money. Even though every organization has various cybersecurity protocols and controls in place, cybercriminals are growing more sophisticated and are coming up with new techniques and tactics to penetrate the security walls.
So, organizations should stop relying on outdated IT infrastructure and basic cybersecurity protocols. Instead, they should adopt more comprehensive, more advanced security measures. In short, organizations need a method that prevents destructive BEC attacks from harming the organization and its employees in any form.
Email Security Solution to Prevent BEC Attacks
There are several measures an organization can take to protect itself against the threat of BEC attacks.
Instruct employees to avoid opening unsolicited emails: The most secure way to avoid the risk of BEC attacks is to instruct all your employees to avoid opening emails from unknown sources in the first place. Before opening an email, employees should always check the sender’s address carefully. They must know how to look for any signs of a spoofed email.
Ask employees to be careful when clicking on links: Keep in mind that hackers can disguise the links in emails using anchor text. However, you can ask your employees to hover over the links embedded in emails to find out their destination. Make sure they know to investigate the link to make sure it’s legitimate before they click on it.
Tell your employees to avoid downloading attachments: Attachments are one of the most common methods used to spread malware through emails. Attachments from unknown sources must never be opened or downloaded without certain precautions. It is always advisable to scan every attachment before downloading even if it’s the one your employees were expecting.
Use a company domain: Using free web-based email accounts for your business makes it easier for malicious actors to spoof the address. It is highly recommended that you create a company domain and use it for your email accounts. Cybercriminals may still try to impersonate your address. However, employees will be able to spot incorrect emails or inconsistencies.
Email authentication: Three email authentication standards (SPF, DKIM, and DMARC) can be used to secure your email domain against forgery.
Security Awareness Training: Every organization can conduct attack vector simulations to identify the vulnerabilities of employees and train them accordingly. This training will increase their cybersecurity awareness and make them vigilant about BEC attacks.
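The sender check and the email authentication check from the list above can be automated at the mail gateway. The following is an added example, not code from the original article: a Python sketch that flags an executive's display name on an external domain and a company-domain sender that failed DMARC. The domain names, the executive name, the gateway identifier and the sample messages are all constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed values for this example; replace with your own.
COMPANY_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"   # the gateway whose verdicts we trust
EXECUTIVES = {"jane doe"}             # display names worth protecting

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results, but only from our own gateway's header."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        value = str(value)
        if value.split(";", 1)[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header, so ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def bec_flags(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    flags = []
    if " ".join(name.lower().split()) in EXECUTIVES and domain != COMPANY_DOMAIN:
        flags.append("executive display name on external domain")
    if dmarc != "pass":
        prefix = "company domain failed DMARC" if domain == COMPANY_DOMAIN else "DMARC"
        flags.append(f"{prefix} ({dmarc})")
    return flags

# Constructed sample messages (headers only matter here).
LOOKALIKE = ('From: "Jane Doe" <jane.doe@example.net>\nSubject: test\n'
             "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n\nbody\n")
SPOOFED = ('From: "Jane Doe" <jane.doe@example.com>\nSubject: test\n'
           "Authentication-Results: relay.example.net; dmarc=pass\n"
           "Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n\nbody\n")
LEGIT = ('From: "Jane Doe" <jane.doe@example.com>\nSubject: test\n'
         "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_flags(raw))
```

The first sample passes SPF, DKIM and DMARC because the sender controls the domain it sends from, which is why the display-name check is needed alongside email authentication.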
Take a Decision and Become Proactive
Whether it is Cosmic Lynx or any other cybercriminal group, impersonation of your email domains can harm your organization in many different ways. The damage can be in terms of money, defamation of your brand, or even a decrease in domain reputation. It also harms the trust of customers who rely completely on your services and choose your business above all.
Therefore, it is crucial for organizations to implement robust cybersecurity measures to defend against email domain forgery. So, keeping that in mind, it should be mandatory for every organization to protect their businesses, employees, and valuable customers. The best way to do that is by keeping up with the security measures and being one step ahead of the malicious actors.