Two recent developments in the fight against global cybercriminal organizations should factor into your organization’s risk awareness, both in light of the events in Europe and of the overall cyber threat worldwide.
In coordination with the Nigerian Police Force, Interpol has arrested 11 individuals suspected of participating in an international BEC (business email compromise) ring. BEC is a type of attack conducted via email in which the attackers spear-phish the specific company employees who are responsible for approving payments to contractors, suppliers and other vendors (1).
The arrest of the BEC gang ties into the middleware vulnerability highlighted by OODA CEO Matt Devost in our annual OODA Almanac: “While Bitcoin, Ethereum, and other technologies allow for true decentralization, there is a middleware ecosystem emerging in the form of marketplaces and exchanges that are based on Web2 technologies that are being deployed without proper consideration for cybersecurity best practices.”
In a twist on this cybersecurity challenge, BEC actors impersonate a coworker, a supervisor, or a client/supplier in order to divert payments to a bank account they control, stealing the funds from the targeted company with very little effort. In one case last year, the stolen funds were converted to bitcoin and swept automatically into a cold wallet the moment they arrived, so the BEC-enabled diversion was chained directly into an automated cryptocurrency exit. Essentially a double automated middleware vulnerability gone haywire. Bleeping Computer reported on the case back in December:
“The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. ‘According to the government’s complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. (“Sony Life”) in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts,’ the Justice Dept said today. Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California. According to court documents, Ishii switched the transfer address for a Sony Life transaction to use a Silvergate Bank account under his control. Ishii later converted the stolen funds into more than 3879 bitcoins via a Coinbase account set up to automatically transfer all added funds to an offline cryptocurrency cold wallet with a Bitcoin address of bc1q7rhc02dvhmlfu8smywr9mayhdph85jlpf6paqu.”
https://twitter.com/Europol/status/1483395277910421505
The Europol press release says it all: “Unhappy New Year for cybercriminals as VPNLab.net goes offline – Joint action by 10 countries and Europol sees 15 servers taken down. Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. The disruptive joint action was coordinated by Europol and took place on January 17, 2022. It involved simultaneous law enforcement actions in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom. The law operatives seized 15 servers used by the VPNLab.net service and took down its main site, so the platform is no longer available. VPNLab.net was established in 2008, offering services based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as USD 60 per year. The service also provided double VPN, with servers located in many different countries. This made VPNLab.net a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities.”
The action was led by the Central Criminal Office of the Hannover Police Department in Germany and was carried out under the European Multidisciplinary Platform Against Criminal Threats (EMPACT) security framework, within its objective Cybercrime – Attacks Against Information Systems.
Scoop: DoubleVPN double-encryption service seized by law enforcement.
Server data, logs, and account information of customers seized according to splash screen. https://t.co/OIxw8joCNo
— BleepingComputer (@BleepinComputer) June 29, 2021
Bleeping Computer went on to report that “the VPNLab takedown marks the second time law enforcement has moved against a VPN provider for criminal groups after Europol and Dutch police took down DoubleVPN in June last year. DoubleVPN is a Russian-based VPN service that double, triple, and even quadruple-encrypts data sent through their service.” (2)