FOSTER CITY, Calif. (Oct. 2, 2019) – Agari, the next-generation Secure Email Cloud that restores trust to the inbox, released today its quarterly Threat Actor Dossier researched and developed by the Agari Cyber Intelligence Division (ACID). The Dossier delves into the shadowy world of a West African cybercriminal organization ACID has dubbed Silent Starling:
“We specifically stood up ACID to track down bad actors, propagating harm to consumers and businesses,” said Patrick R. Peterson, CEO, Agari. “We learn cybercriminal organizations’ new tactics through the ACID active engagements and then work with law enforcement to take them down, while at the same time providing intelligence, like money mule accounts and phishing websites, to our customers.”
Silent Starling’s preferred type of attack is a rapidly emerging from business email compromise, to one Agari has coined vendor email compromise (VEC). This type of attack is unique in that it targets the global supply chain, using incredibly realistic-looking emails to trick a supplier’s customers into paying fake invoices. Due to its covert nature, VEC is very difficult for legacy systems to detect.
To start their attack, Silent Starling associates hijack the email accounts of employees typically in a vendor’s finance department, like accounts receivable or procurement. They then patiently wait and spy on all communications coming into these compromised mailboxes, gathering intelligence, data and, critical context. This information enables Silent Starling associates to then craft and send perfectly timed emails asking for an invoice to be paid, using the identity of the employee they have been spying on.
This type of attack is particularly hard to spot, as it mimics the look and feel of legitimate communication. The only difference is that the invoice sent to a vendor’s customer contains details for the scammer’s bank account instead of the vendor.
Legacy technology cannot pick up on socially engineered attacks backed by contextual information, making VEC the biggest threat coming around the corner.
“Our visibility into Silent Starling’s operations has given us a direct and in-depth look at how the entire VEC attack chain unfolds,” said Crane Hassold, senior director of threat research at Agari and head of ACID. “VEC is the next evolution of business email compromise (BEC). These attacks will continue to increase in frequency over the next 12 to 18 months because the financial return for scammers is very significant.”
Cumulative losses associated with this scam are difficult to calculate, as companies don’t reveal the information publicly unless included in an indictment. FinCEN recently reported that average VEC scam costs a victim company more than $125,000, compared to $50,000 in a classical CEO impersonation BEC attack.
Given the scale and severity of VEC, AI and machine learning technology is the only mechanism that stands a chance of mitigating attacks from Silent Starling and cybergangs like it.
Peterson concluded, “ACID is a tangible and outward sign of the fulfillment of Agari’s mission, which is to protect digital communications to ensure humanity prevails over evil.”
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses and consumers worldwide. Learn more at www.agari.com.
Jean Creech Avent
Sr. Director, Global Corporate Communications