A new group called “Crimson Kingsnake” is on the rise. The group uses business email compromise (BEC) attacks and impersonates lawyers from well-known law firms to trick recipients into approving invoices for overdue payment of services provided to the recipient a year ago.
This pretext gives the BEC attack a strong foundation, since recipients may feel intimidated when they receive emails from prestigious law firms like those used in the scams.
Crimson Kingsnake’s Attack Strategy
Cyber analysts have identified 92 domains linked to the threat actor since their discovery in March of this year. By typosquatting and using an address that appears authentic at first glance, the threat actors can effectively trick victims.
The emails are professionally written, delivered on time, and include the letterheads and logos of the impersonated companies. According to BleepingComputer, these are some of the law firms impersonated by the threat group:
- Allen & Overy
- Clifford Chance
- Deloitte
- Dentons
- Eversheds Sutherland
- Herbert Smith Freehills
- Hogan Lovells
- Kirkland & Ellis
- Lindsay Hart
- Manix Law Firm
- Monlex International
- Morrison Foerster
- Simmons & Simmons
- Sullivan & Cromwell
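A defender can screen inbound senders for the typosquatting pattern described above. The following is an added example, not code from the article or from any vendor: it takes firm names from the list, while the `VERIFIED` domains, the `.example` sender addresses and the edit-distance thresholds are constructed assumptions.

```python
import re

# Firm names come from the list above. The verified domains and the sample
# senders below are constructed placeholders, not real addresses.
FIRMS = ["Allen & Overy", "Clifford Chance", "Dentons", "Hogan Lovells",
         "Kirkland & Ellis", "Sullivan & Cromwell"]
VERIFIED = {"dentons.example", "cliffordchance.example"}  # assumption: your vetted list

def brand_token(text):
    """Lowercase and keep letters/digits: 'Clifford Chance' -> 'cliffordchance'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, firm): 'verified', 'lookalike', 'unlisted' or 'no-domain'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    if not m:
        return ("no-domain", None)
    domain = m.group(1).lower().strip(".")
    if any(domain == v or domain.endswith("." + v) for v in VERIFIED):
        return ("verified", None)
    label = brand_token(domain.rsplit(".", 1)[0])  # drop TLD, ignore hyphens/dots
    for firm in FIRMS:
        token = brand_token(firm)
        limit = 1 if len(token) < 9 else 2  # shorter names tolerate fewer edits
        if token in label or osa_distance(label, token) <= limit:
            return ("lookalike", firm)
    return ("unlisted", None)

if __name__ == "__main__":
    for sender in ["Jane Doe <jane@dentons.example>",      # constructed samples
                   "billing@kirklnad-ellis.example",
                   "A. Partner <ap@cliffordchancee.example>",
                   "news@unrelated-vendor.example"]:
        print(sender, "->", classify_sender(sender))
```

A `lookalike` verdict on a message that also requests payment is a reasonable trigger for out-of-band verification with the firm before any invoice is approved.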
The phishing emails do not target specific countries or businesses; they are distributed randomly. If a recipient falls for the trap and asks further questions about the invoice, Crimson Kingsnake responds with a fabricated account of the service that was provided.
Although BEC attacks make up a very small portion of the phishing emails sent to inboxes all over the world every day, the problem nonetheless affects many billions of people. The FBI stated that between 2016 and 2019, reported BEC cases amounted to losses worth $43 billion, while in 2021 alone, $2.4 billion in losses were reported.