It noted that attackers are carrying out an increasingly common scam known as business email compromise, in which they attempt to pose as a company insider such as the CEO and request a money transfer to an outside account.
According to the report:
“Targets included companies in a very broad range of sectors from small businesses to the largest multinational corporations”
“Of the ‘London Blue’ hit list, 71% of targets held the title CFO, while the remainder were senior members of finance teams including finance directors, controllers and members of accounting. The majority of targets are based in the US, with remaining targets based in a host of nations including Spain, the UK, Finland, and Egypt.”
How the Group works
The Agari report noted that the London Blue group operates like a modern corporation, with people working on business intelligence, sales, email marketing, financial operations and human resources.
It carries out attacks in multiple languages and has at least 17 collaborators in the United States, United Kingdom and other Western European countries.
Agari said it became aware of London Blue after the group tried to trick the security firm’s own CFO in August.
“We then engaged actively with the attacker, giving us an initial glimpse of the gang that we would widen into a penetrating X-ray.”
Recently, Marriott, an American multinational with diversified investment in the hospitality business that franchises a broad portfolio of hotels, raised the alarm that its guest reservation system had been hacked, potentially exposing the personal information of approximately 500 million guests.
Agari is a leading cybersecurity company that protects people and businesses against cybercriminals who use false identities to commit fraud, steal information and undermine trust in digital business.
The Agari Email Trust Platform is the industry’s only artificial intelligence (AI) driven defence system that models authentic, trustworthy communications to protect humans from being deceived by cyberattacks such as phishing, ransomware and business email compromise (BEC).