According to the recently released annual report from the Internet Crime Complaint Centre (IC3), the FBI observed a record 23,775 Business Email Compromise (BEC) attacks in 2019. Significantly greater than all other categories of cybercrime over the same period, these attacks resulted in an estimated $1.77 billion in global losses.
With the global impacts of Covid-19, an unprecedented number of corporations are expediting their cloud infrastructure migrations, all while transitioning to a largely remote workforce that is understandably interested in all topics related to the virus. Given this trend, it should come as no surprise that BEC actors are seizing opportunities to exploit the situation through tailored phishing campaigns related to Covid-19.
Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in BEC activities under the name SilverTerrier. From January 30 to April 30, Unit 42 observed three SilverTerrier actors or groups launch a series of 10 Covid-19 themed malware campaigns. These campaigns have produced over 170 phishing emails seen across our customer base. While broad in their targeting, these actors have exercised minimal restraint in terms of targeting organisations that are critical to Covid-19 response efforts.
Specifically, it is alarming that several of these campaigns recklessly included targets at government healthcare agencies, local and regional governments, large universities with medical programmes or centres, regional utilities, medical publishing firms, and insurance companies across the United States, Australia, Canada, Italy, and the United Kingdom.
None of the malicious campaigns were successful in infecting their intended targets. Palo Alto Networks security service offerings (URL Filtering, WildFire, and Threat Prevention) detect and classify all samples and associated infrastructure as malicious.