Authorities Arrest ‘Prominent’ Nigerian BEC Threat Actor

No doubt remote work has tilled fertile ground for miscreants bent on executing business email compromise (BEC) scams, which is why it’s good news that authorities have one operator—from Nigeria—in custody.

As part of a joint initiative called Operation Delilah, the Nigerian police force arrested what they referred to as a “prominent” actor in the SilverTerrier Network that wreaked havoc on companies globally.

“Following the arrest of 11 BEC actors as part of Operation Falcon II in December 2021, this recent operation is significant in that it demonstrates the resolve of global law enforcement to hold BEC actors accountable despite temporary setbacks,” according to Palo Alto Networks Unit 42 researchers who provided intelligence to Operation Delilah.

The bad actor left Nigeria in 2021 with authorities hot on his trail. He tried to return again in March but was detained, then arrested. “We have identified over 240 domains that were registered using this actor’s aliases,” Unit 42 researchers wrote in a blog post. “Of that number, over 50 were used to provide command and control for malware. Most notably, this actor falsely provided a street address in New York City associated with a major financial institution when registering his malicious domains.”

Investigators found a connection between this latest BEC player and Onuegbu Ifeanyi Ephraim, Darlington Ndukwu and Onukwubiri Ifeanyi Kingsley, who were arrested in 2021 as part of Operation Falcon II, and noted that he is believed to be linked to other known BEC actors.

BEC schemes have been a thorn in the side of organizations around the world, topping the FBI Internet Crime Complaint Center (IC3) report for six years straight. In that time period, the scams have grown from $360 million to $2.3 billion in 2021.

“While BEC attacks don’t receive the daily headlines that ransomware does, they remain a highly profitable cybercrime venture,” said Rick Holland, CISO, vice president of strategy at Digital Shadows. “BEC’s targeted and methodical nature means the volume of the attacks isn’t on the same scale as extortion; however, the profits are still there.”

The threat of BEC attacks was exacerbated by the pandemic. “Without being able to walk over to another person’s desk in the office, employees will have a much harder time validating unknown texts or emails,” said Hank Schless, senior manager, security solutions, Lookout. “People are relying on their smartphones and tablets more than ever to communicate with their colleagues while they’re out of the office, which presents a number of issues,” including a lack of security tools and protections found for traditional endpoints, he said.

“Mobile devices exist at the intersection of our work and personal lives. Being phished through social media or SMS on the same device you use for work could compromise your work data just as much as your personal data,” said Schless.

And it is more difficult to identify a spearphishing attack on a mobile device. “Since mobile devices have smaller screens and a simplified user experience, that means you can’t preview link destinations or verify the sender’s identity,” he said. “A lot of the red flags we’re trained to spot on desktops are nearly impossible to see on mobile.”

Those security holes haven’t gone unnoticed by threat actors, who “are using remote work to their advantage to execute bigger BEC attacks,” making mobile phishing attacks “the biggest concern for IT and security teams,” said Schless. “Remote workers and the mobile devices they use to stay productive are outside the bounds of traditional security tools that you have set up in the office.”

Joseph Carson, chief security scientist and advisory CISO at Delinea, concurred. “At a time when employees continue to work remotely, it is more difficult than ever to verify with a colleague whether the request is legitimate,” said Carson. “When it appears to be urgent, most people will fall for such a scam.”

Among the biggest challenges with BEC incidents “is that you have to provide evidence that your account was indeed compromised and the incident was not just human error,” he said. “With cybercriminals so good at hiding their tracks, such evidence can sometimes be very difficult to gather.”

And BEC actors are often able to fly under the radar. “The groups don’t become household names and avoid having large targets on their backs,” said Holland.

Even though the gateway to both BEC and ransomware continues to be a familiar foe—phishing—defenders face an uphill battle. “You can’t stop phishing—which comes from legitimate services—with employee awareness training,” said Patrick Harr, CEO at SlashNext. “At the same time, current defenses are not tuned to find these types of attacks.”

Unit 42 researchers praised the collaborative effort that led to the Nigerian scammer’s arrest. “This level of international cooperation—tracking of actors as they travel internationally and subsequent apprehension of actors upon returning to their home countries—represents a laudable advancement in the ability of global law enforcement organizations to combat these types of crimes,” the researchers wrote.

But researchers said the scams likely will continue to thrive. “BEC attacks will remain viable for as long as the support structure that enables it remains intact,” said Sounil Yu, CISO at JupiterOne. “We believe that there are thousands of actors driving these activities; therefore, a few arrests will not make a considerable difference.”


Teri Robinson
