IBM X-Force, the cybersecurity intelligence and research unit of IBM, has reportedly discovered a cybercriminal ring operating out of Ukraine targeting Canadian businesses.
Recent reports in Security Intelligence said the criminals are deploying custom phishing attacks against business customers of Canadian banks to gain access to their bank credentials, passwords and authentication codes. The attackers send a spear-phishing email to a target with seemingly legitimate contents, including a bank logo.
The emails are sent with PDF attachments designed to evade detection tools. Analysts said the criminals may have first deployed an earlier attack on their targets to learn more about the companies' account information before launching the PDF-related attack. The PDFs urge readers to synchronize their devices and re-activate with one-time passwords and tokens, while links in the PDF send users to phishing sites.
The scheme is designed to give attackers access to business bank accounts.
According to IBM X-Force, the same attackers have also been operating a separate ring targeting consumers, though cybercriminals have recently been heightening their focus on corporate victims and high-value accounts.
The cybercrime ring identified by IBM X-Force is one of several that have taken to targeting businesses in recent months. Last June, in the wake of WannaCry, Bloomberg reported on another “massive cyberattack” originating in Europe. Investigators found Mondelez International, A.P. Moller-Maersk and BNP Paribas Real Estate to be among the targeted victims.
A research report released in October by Deutsche Bank and the Economist Intelligence Unit found cybercriminals are particularly interested in targeting the corporate treasury department, which holds a trove of sensitive company and customer data.
“Sophisticated cybercriminals often use social engineering and insight information to execute high-value thefts via corporate treasuries,” said Deutsche Bank head of cash management Michael Spiegel, in a statement at the time. “Our research has identified serious gaps in corporate defense, including vulnerabilities hidden with third parties and their subcontractors. This gives cybercriminals the opportunity to steal data.”