Businesses: Beware of COVID-19 email compromise scams

Palo Alto Networks has found 10 separate coronavirus-themed business email compromise campaigns, and all can be tied back to a single Nigerian group called SilverTerrier.

COVID-19: Security risks are increasing as more people work from home

Cybersecurity firm Palo Alto Networks has found evidence of a large-scale and very active business email compromise (BEC) campaign targeting businesses and fears over the COVID-19 pandemic.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. Alternatively, BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.

The FBI's Internet Crime Compliance Center lists BEC attacks as the most profitable form of cybercrime in 2019, despite accounting for far fewer attacks than phishing, data breaches, and extortion. 

The string of attacks discovered by Palo Alto Networks have all been tied to Nigerian hacking group SilverTerrier, and have been discovered since Jan. 30, 2020. The attackers have cast a wide net with these attacks, targeting "organizations that are critical to COVID-19 response efforts. Specifically, we find it alarming that several of these campaigns recklessly included targets at government healthcare agencies, local and regional governments, large universities with medical programs/centers, regional utilities, medical publishing firms, and insurance companies," Palo Alto Networks said in its report.

Targets have been global as well, with phishing emails tied to the campaign found in the United States, Australia, Canada, Italy, and the United Kingdom. Luckily, Palo Alto Networks said, none of the attacks mentioned in its report were successful.

Another round of attacks, and a familiar lesson 

The attacks have mostly come with fake orders for personal protective equipment, fake vaccine-related news, shipping delay notices for COVID-19-related items, and other similarly themed, and commonly seen, email scams. 

Documents attached to the SilverTerrier phishing emails have contained malware, most of which leverages a Microsoft Office memory corruption vulnerability first discovered in 2017, and which Microsoft has already patched.

Attackers frequently use older vulnerabilities as the basis for attacks, largely because many organizations lag behind at patching serious vulnerabilities, and many continue to be vulnerable to common and well-documented exploits.

SilverTerrier's COVID-19 BEC attacks are no different and are another lesson for companies lax about security updates and software patches: If you're using software with well-known vulnerabilities it isn't a matter of if an attack will come, but when.

COVID-19-themed attacks have been common, and are likely to continue to be so for the duration of the pandemic. Because of the immediate threat of COVID-19, it's a tempting target for hackers looking for a way in. 

Businesses that are at risk for BEC attacks, like international organizations and those dealing with large wire transfers, should be extra cautious: Big enterprises are notoriously slower at patching security vulnerabilities due to the sheer volume of machines to account for.

Add in a general stay-at-home order and you have a perfect cybersecurity storm brewing. This isn't the time to become complacent, though: If anything it's the perfect time to patch since many office computers may be sitting unused. Be sure remote workers are being patched as well: They're especially good targets for COVID-19 attacks.

Also see

malwaremail.jpg

Image: vladwel, Getty Images/iStockphoto