FOSTER CITY, Calif. (Oct. 2, 2019) – Agari, the next-generation Secure Email Cloud that restores trust to the inbox, released today its quarterly Threat Actor Dossier researched and developed by the Agari Cyber Intelligence Division (ACID). The Dossier delves into the shadowy world of a West African cybercriminal organization ACID has dubbed Silent Starling: 

  • 500+ companies in 14 countries affected (97% of vendor victims in the US, Canada, and the UK)
  • 700+ employee email accounts compromised with OneDrive and DocuSign credential phishing campaigns
  • 20,000+ emails stolen since late-2018
  • 39 employees compromised at a single US-based company

“We specifically stood up ACID ttrack down bad actorspropagating harm to consumers and businesses,” said Patrick R. Peterson, CEO, Agari.  We learn cybercriminal organizations’ new tactics through the ACID active engagements and then work with law enforcement to take them down, while at the same time providing intelligence, like money mule accounts and phishing websites, to our customers.

Silent Starling’s preferred type of attack is a rapidly emerging frobusiness email compromise, to one Agari has coined vendor email compromise (VEC). This type of attack is unique in that it targets the global supply chain, using incredibly realistic-looking emails to trick a supplier’s customers into paying fake invoices. Due to its covert nature, VEC is very difficult for legacy systems to detect.   

To start their attack, Silent Starling associates hijack the email accounts of employees typically in a vendor’s finance department, like accounts receivable or procurement. They then patiently wait and spy on all communications coming into these compromised mailboxes, gathering intelligence, data and, critical context. This information enables Silent Starling associates to then craft and send perfectly timed emails asking for an invoice to be paid, using the identity of the employee they have been spying on. 

This type of attack is particularly hard to spot, as it mimics the look and feel of legitimate communicationThe only difference is that the invoice sent to a vendor’s customer contains details for the scammer’s bank account instead of the vendor 

Legacy technology cannot pick up on socially engineered attacks backed by contextual information, making VEC the biggest threat coming around the corner.  

Our visibility into Silent Starling’s operations has given us a direct and in-depth look at how the entire VEC attack chain unfolds,” said Crane Hassold, senior director of threat research at Agari and head of ACID. “VEC is the next evolution of business email compromise (BEC). These attacks will continue to increase in frequency over the next 12 to 18 months because the financial return for scammers is very significant.”  

Cumulative losses associated with this scam are difficult to calculate, as companies don’t reveal the information publicly unless included in an indictment. FinCEN recently reported that average VEC scam costs a victim company more than $125,000, compared to $50,000 in a classical CEO impersonation BEC attack. 

Given the scale and severity of VECAI and machine learning technology is the only mechanism that stands a chance of mitigating attacks from Silent Starling and cybergangs like it.  

Peterson concluded, “ACID is a tangible and outward sign of the fulfillment of Agari’s mission, which is to protect digital communications to ensure humanity prevails over evil.” 

Download the full report or register for the Silent Starling webinar, hosted by Crane Hassold. 

 

About Agari
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses and consumers worldwide. Learn more at www.agari.com.

Media Contact
Jean Creech Avent
Sr. Director, Global Corporate Communications
Agari
+1 843-986-8229
jcreech@agari.com