Security researchers have identified a highly successful new business email compromise (BEC) group. The group has been named Firebrick Ostrich and has conducted at least 347 campaigns since April 2021. Firebrick Ostrich uses relatively unsophisticated techniques to target organizations, such as open source research to identify existing contracts and vendors, as well as total vendor numbers. This gives the attackers information to use in BEC attacks.
Once the attacker has found useful information, it registers a domain name that has small inconsistencies with the actual domain name used by the legitimate vendor. The BEC emails are often vague due to a lack of information about the vendor customer relationship. Typically, the emails request update to payment details or completion of an outstanding payment. Firebrick Ostrich has impersonated at least 151 different organizations to date, according to security researchers.