Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a collection of business databases that they allege are from the USA, UK, and Ireland. According to the seller’s post, the data is not a random list but has been highly filtered by specific financial indicators. The databases purportedly include business names and office phone numbers, and can be sorted by each company’s banking institution and its estimated revenue or cash on hand. The seller is soliciting collaboration with established teams or offering the “leads” for direct sale.
This claim, if true, represents the sale of a sophisticated targeting service for corporate fraud. By providing data that is already filtered by financial value and banking relationships, the seller is offering a “supermarket” for criminals who specialize in Business Email Compromise (BEC) and “whale phishing” attacks. This allows malicious actors to bypass low-value targets and focus their most convincing scams on the companies from which they can extract the most money.
Key Cybersecurity Insights
This alleged data sale presents a critical and widespread threat to businesses:
- A “Supermarket” for High-Value BEC and “Whale Phishing”: The most severe risk is the availability of a highly curated target list. By allowing criminals to select businesses based on their bank and revenue, this service provides the perfect toolkit for launching devastatingly effective BEC and “whale phishing” attacks against high-value corporate targets.
- High Risk of Sophisticated, Bank-Specific Scams: With knowledge of a company’s name and the specific bank they use, criminals can launch incredibly convincing vishing (voice phishing) and spear-phishing campaigns. They can impersonate the company’s real bank with a high degree of credibility to trick finance departments into authorizing fraudulent wire transfers.
- Potential Breach of a Major Financial Data Broker: A database this comprehensive, with detailed and filtered financial indicators for businesses across three countries, is unlikely to come from multiple, separate breaches. The source is almost certainly a major B2B data broker, a financial services provider, or a credit reporting agency that aggregates this type of information.
Mitigation Strategies
In response to this threat, all businesses in the targeted countries must be on high alert:
- Assume Your Company is on the List: The primary mitigation strategy is to operate under the assumption that your company’s financial details and banking relationships are known to criminals. This requires a heightened state of vigilance for all inbound communications, especially to the finance department.
- Mandate Multi-Factor Authentication (MFA) Universally: This is the single most effective defense against the most likely uses of this data (credential theft and account takeover). MFA must be enforced for all employees on all critical systems, especially email, financial platforms, and remote access solutions.
- Enhance Scrutiny of all Financial Transactions: All businesses must warn their finance and accounts payable departments to be on the highest alert for BEC and invoice fraud. All requests for wire transfers or changes to vendor payment details must be rigorously verified through a secondary, out-of-band channel (such as a phone call to a previously known, trusted number).
Brinztech does not warrant the validity of external claims.