While the Coronavirus is spreading worldwide cybercriminals and nation-state actors are launching COVID19-themed attacks on a global scale.
Most of the attacks aimed at spreading malware to control victims’ computers and stealing sensitive data, but now a cybercrime gang, tracked as Ancient Tortoise, is launching BEC attacks taking advantage of the COVID-19 outbreak.
According to a report shared by Agari Cyber Intelligence Division (ACID) researchers with BleepingComputer, crooks are launching Coronavirus-themed BEC attacks.
The researchers received a coronavirus-themed scam email that attempted to trick victims into using a different bank account for the payment due to the COVID-19 outbreak.
“Due to the news of the Corona-virus disease (COVID-19) we are changing banks and sending payments directly to our factory for payments, so please let me know total payment ready to be made so i can forward you our updated payment information,” reads the scam email.
The Ancient Tortoise’s BEC message includes details of a Hong Kong mule account and instructs victims to send the money to it.
Researchers noticed that it took about three weeks for the attackers to send the coronavirus-themed scam email after they have initially established a contact with them.
“It took about three weeks for the attackers to send the coronavirus-themed scam email after their initial contact with the researchers, between February 17th when the request for an aging report landed in Agari’s inboxes and March 9th when they launched the final attack on the fake vendor.” reported BleepingComputer.
To defend against BEC attacks, Agari experts recommend vendors and suppliers to implement strong email authentication and anti-phishing email protections.
Any organization that has regularly pay external suppliers is recommended to set up a formal process for handling outgoing payments, especially when some changes are reported in the normal payment procedure (i.e. A change of the bank account).
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, BEC)
[adrotate banner=”5″]
[adrotate banner=”13″]
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
This website uses cookies.