US Agencies Warn of BEC Attacks Targeting Food Shipments

Category: Threat Actor Activity | Industries: Food & Beverage, Transportation | Level: Strategic | Source: IC3

A joint advisory issued by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) warns of a business email compromise (BEC) phishing campaign used by cybercriminals to steal food shipments. The value of the stolen goods could range in the hundreds and thousands. Additionally, there's a risk the criminals will resell the goods for profit whilst neglecting any "food safety regulations and sanitation practices, risking contamination or omitting necessary information about ingredients, allergens, or expiration dates. Counterfeit goods of lesser quality can damage a company’s reputation." To compromise the target's email accounts, spearphishing emails are recognized as the most prominent technique for initial access often containing malicious links or attachments. Alternatively, the threat actors can use spoofed email addresses, by adding an additional letter to an email address they wish to disguise.

During the BEC attack, the threat actors will attempt to improve the legitimacy of the email by using the names of the targeted company’s employees and incorporating the company’s logos throughout emails and documents. A line of credit is often used as "payment" for the targeted item, through a falsified credit application. "The scammer provides the actual information of a legitimate company, so the credit check results in an approval of the application. The victim company ships the product but never receives payment." Five BEC incidents were shared by US agencies that occurred during 2022. The threat actors targeted suppliers and distributors of sugar and powdered milk. The value of shipments in those incidents ranged from $100,000 to as high as $600,000. Whilst some companies were perceptive to spot the spoofed email addresses to avoid loss of supplies, others were not so fortunate only spotting or realizing the scam after shipments have been distributed.

‍