Security News > 2020 > May > Businesses: Beware of COVID-19 email compromise scams
BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers.
BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.
The attackers have cast a wide net with these attacks, targeting "Organizations that are critical to COVID-19 response efforts. Specifically, we find it alarming that several of these campaigns recklessly included targets at government healthcare agencies, local and regional governments, large universities with medical programs/centers, regional utilities, medical publishing firms, and insurance companies," Palo Alto Networks said in its report.
Attackers frequently use older vulnerabilities as the basis for attacks, largely because many organizations lag behind at patching serious vulnerabilities, and many continue to be vulnerable to common and well-documented exploits.
SilverTerrier's COVID-19 BEC attacks are no different and are another lesson for companies lax about security updates and software patches: If you're using software with well-known vulnerabilities it isn't a matter of if an attack will come, but when.