AI-Powered Cybercriminal Syndicate Swaps Invoices in Business Email Attacks
An emerging cybercriminal syndicate known as GXC Team has recently developed a powerful tool that utilizes artificial intelligence (AI) to facilitate its illegal activities. Resecurity, a provider of cybersecurity services, has identified this syndicate and its tool, known as Business Invoice Swapper. This tool allows cybercriminals to generate fraudulent invoices, which are then embedded within a business email compromise (BEC) attack.
The Business Invoice Swapper tool is equipped with proprietary algorithms that scan compromised emails, using POP3/IMAP4 protocols. It searches for messages that mention invoices or contain attachments with payment details. Once a relevant email is detected, the tool modifies the banking information of the intended recipient with automatically generated information. The altered invoice can either replace the original message or be sent to a predetermined list of contacts.
Furthermore, the interface for Business Invoice Swapper contains options to configure SMTP settings for sending out emails that include the fabricated invoices. Additionally, the tool has a feature that sends reports to a designated Telegram channel for command-and-control communication. This functionality also provides details about the generated invoices.
To use the tool, the operator must input a list of compromised email accounts to be scanned. This process involves specifying credentials, as well as IBAN and BIC codes that will be used for the swapping or spoofing process in the documents. Currently, the tool primarily targets more than 300 entities, with attacks mainly focused on the United Kingdom, Spain, France, Poland, Italy, Germany, and Switzerland.
Cybercriminals can access the Business Invoice Swapper tool by subscribing for a weekly fee of $2,000 or by paying a one-time fee of $15,000 for unlimited use.
Gene Yoo, the CEO of Resecurity, warns that the level of sophistication enabled by Business Invoice Swapper requires organizations to exercise much higher levels of vigilance when processing invoices. He emphasizes that organizations should avoid automatically paying and issuing payments without thoroughly verifying invoice details. Yoo also advises organizations to review any payments made outside of the normal workflow, as many fake invoices are accompanied by urgent messages. Furthermore, organizations must come to terms with the fact that it has become much simpler for cybercriminals to wire funds using various online services, which adds to the risk.
While AI tools may assist organizations in identifying fake invoices, Yoo notes that these tools need to be continuously updated with fresh data to keep up with evolving tactics and techniques. Therefore, it is crucial for humans to review payments, complemented by AI-based systems.
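The verification Yoo recommends above can be turned into a simple pre-payment control: compare the IBAN and BIC on an incoming invoice against the bank details the finance team has already confirmed out-of-band, validate the IBAN checksum, and flag urgency language. The following is an added illustration, not code from Resecurity or from the tool described; the vendor master records, invoice values and IBANs are constructed (the IBANs are standard published test values, not real accounts).

```python
"""Flag invoices whose payment details deviate from the verified vendor master."""

# Constructed vendor master: bank details confirmed out-of-band (e.g. by phone
# to a known contact), keyed by vendor id. Assumed data for this example.
VENDOR_MASTER = {
    "V-1001": {"iban": "GB82WEST12345698765432", "bic": "WESTGB22"},
    "V-2002": {"iban": "DE89370400440532013000", "bic": "COBADEFFXXX"},
}

# Words that often accompany fraudulent "pay now to our new account" requests.
URGENCY_WORDS = ("urgent", "immediately", "today", "asap")


def normalize_iban(iban: str) -> str:
    """Strip spaces and upper-case so formatting differences do not hide a swap."""
    return iban.replace(" ", "").upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map
    letters to numbers (A=10 .. Z=35) and the resulting integer must be 1 mod 97.
    A swapped IBAN usually passes this (the tool generates plausible values),
    so the checksum only catches typos and sloppy edits, not a deliberate swap."""
    s = normalize_iban(iban)
    if not (15 <= len(s) <= 34) or not s.isalnum():
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def review_invoice(vendor_id: str, iban: str, bic: str, body: str) -> list:
    """Return a list of findings; an empty list means the invoice matches the
    vendor master and shows no red flags, so it may proceed to normal approval."""
    findings = []
    master = VENDOR_MASTER.get(vendor_id)
    if master is None:
        findings.append("unknown vendor")
    else:
        if normalize_iban(iban) != master["iban"]:
            findings.append("IBAN differs from vendor master")
        if bic.upper() != master["bic"].upper():
            findings.append("BIC differs from vendor master")
    if not iban_checksum_ok(iban):
        findings.append("IBAN checksum invalid")
    if any(word in body.lower() for word in URGENCY_WORDS):
        findings.append("urgency language in message")
    return findings
```

Any non-empty result should route the invoice to a human for out-of-band confirmation with the vendor, rather than to automatic payment.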
The extent to which AI in the hands of cybercriminals may disrupt invoice processing workflows remains unclear. However, it is certain that fraudulent activities will increase exponentially, potentially resulting in organizations collectively losing billions of dollars that may never be recovered. The current challenge lies in ensuring that enough human expertise, aided by machines, is in place to prevent such attacks.
In conclusion, the emergence of the AI-powered cybercriminal syndicate and its Business Invoice Swapper tool highlights the need for heightened vigilance among organizations when it comes to processing invoices. With the potential for significant financial losses, organizations must adapt their workflows and adopt robust measures to combat the evolving threat landscape.