Financial Sector Business Leaders Targeted by Cyberattacks from India

Companies in financial services, consulting and healthcare, along with business leaders, have been targeted by hackers from India using accounts spoofing the World Health Organization (WHO). 

Not all spam and phishing campaigns are used in the same way. Regular users usually encounter mass distributed attacks with no particular target. Bad actors use massive volumes of emails to catch anybody they can. 

Targeted phishing, meanwhile, is usually aimed directly at company employees. Most of the time, these messages are crafted in such a way to trick people into using their credentials to log in to spoofed websites that imitate official resources. Now, with the COVID-19 pandemic in full swing, the messages claim to come from the WHO. It’s just another method to give credence to the phishing campaigns. 

There is a third type of phishing campaign, known as a whaling attack, that consists of highly specialized messages targeting business leaders and executives. 

Google’s Threat Analysis Group (TAG) has tracked a number of these campaigns in 2020, including one that has been using Gmail accounts spoofing WHO. 

“The accounts have largely targeted business leaders in financial services, consulting, and healthcare corporations within numerous countries including the U.S., Slovenia, Canada, India, Bahrain, Cyprus, and the U.K.,” states Google’s report. 

“The lures themselves encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements, and link to attacker-hosted websites that bear a strong resemblance to the official WHO website.” 

Hackers’ goals were clear, as they attempted to steal Google account credentials, along with other personal information, including phone numbers. Such details, especially coming from executives in companies, can be used in BEC attacks (business email compromise), a method widely used by criminals to defraud businesses. 

The WHO spoofing spam and phishing is not going to stop anytime soon and, just like the virus itself, we may need to live with it for the foreseeable future.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Silviu STAHIE. Read the original post at: