INTERPOL and the Nigeria Police Force announced the results of Operation Falcon II, joint operations that led to the arrest of 11 Nigerian business email compromise (BEC) actors. Collaborative in its approach, this operation leveraged intelligence and resources from several industry partners combined with law enforcement entities from over six nations in order to map global victims back to a core subset of actors who have historically operated outside of foreign law enforcement jurisdictions.
BEC remains the most common and most costly threat facing our customers. This threat held the top spot for the fifth year in a row on the 2020 FBI Internet Crime Complaint Center (IC3) report. Over half a decade, global losses have ballooned from $360 million in 2016 to a staggering $1.8 billion in 2020. As we eagerly await the release of the 2021 numbers, our telemetry and experience helping clients respond to BEC attacks suggest that last year’s global losses will once again set new records.
Despite these massive loss amounts, industry and global law enforcement continue to make considerable strides toward thwarting this activity.
Furthermore, this recent operation was novel in its approach in that it didn’t target the easily identifiable money mules or flashy Instagram influencers who are typically seen benefiting from these schemes. Instead, it focused predominantly on the technical backbone of BEC operations by targeting the actors who possess the skills and knowledge to build and deploy the malware and domain infrastructure used in these schemes. Of the individuals arrested, we track six out of the 11 actors as being SilverTerrier (Nigerian malware) actors who have successfully avoided prosecution for the past half decade due to the complexities of mapping global victims beyond the flow of stolen funds back to the source of malicious network activity.
Palo Alto Networks customers are protected against the types of BEC threats discussed in this blog by products including Cortex XDR and the WildFire, Threat Prevention, AutoFocus and Advanced URL Filtering subscription services for the Next-Generation Firewall.