It has just been revealed that the Nigerian cyber-crime group known as ‘SilverTerrier’ is now targeting healthcare entities that are vital to COVID-19 response. New advice is “apply extra scrutiny to COVID-19-related email attachments.”
Palo Alto Networks’ Unit 42 threat intelligence team has now released some deeply disturbing research that describes how a Nigerian cybercrime group, ‘SilverTerrier’ ‘is currently targeting healthcare organisations that are deemed critical to the COVID-19 response.
Business Email Compromise
This report, named “SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes“, explains how Business Email Compromise (BEC) players are recklessly targeting COVID-related campaigns at Govt healthcare agencies, large universities with medical programmes in addition medical publishing firms & insurance companies across the United States, Australia, Canada, Italy, & the UK.
What this Nigerian cyber-crime group, SilverTerrier, have been doing were multiple COVID-19 themed malware attacks from Jan 30 to April 30. These campaigns altogether have produced 170 separate phishing emails say researchers and have demonstrated the ominous term “minimal restraint” as they target enterprises that are very much critical to the pandemic response.
Phishing Campaigns
“SilverTerrier actors have begun adapting their phishing campaigns and will likely continue to use COVID-19-themed emails to deliver commodity malware broadly in support of their objectives, “the reports observes, advising every organisations involved in the COVID-19 response to “apply extra scrutiny to COVID-19-related emails containing attachments.”
This adds to the woe described by a Mimecast report that saw cyber-attacks increase by 33% during the first 100 days of the pandemic. Just this week, the UK National Cyber Security Centre issued a joint advisory alongside the US Dept. of Homeland Security CISA warning of ‘nation-state attacks’ against bodies related to the COVID-19 response.
“The NCSC is right to warn healthcare organisations involved in the Coronavirus response that they are at huge risk,” Zeki Turedi, who is a Technology Strategist at CrowdStrike says, “adversaries are leveraging Covid-19 lures to launch targeted attacks against an over stretched healthcare industry. We’re in a state of high alert when it comes to information pertaining to Covid-19 and the current situation has created the perfect storm.”
419 Scam
“This is great, but sadly depressing & all too familiar, research showing the advancement of social engineering capabilities from the nation that invented the 419 scam,” Ian Thornton-Trump, CISO at Cyjax went on to say “I would argue that this is great evidence the Nigerian Prince has grown up, attended cyber-crime university and graduated with full honours.”
Targeting healthcare & the related supply chain for healthcare seems the ‘right’ criminal strategy, counsels Thornton-Trump, & for 2 reasons. “One, folks working in that industry are stressed and have been stressed for many weeks & stressed people make mistakes,” he suggests, going on to say “& Two, given the sense of urgency to obtain PPE & other items in short supply standard procedures may not be followed.”
$3.5 Million cheque
Thornton-Trump explains he means the checks & balances as well as authorisation processes may be “streamlined” thus creating an easy way to convince someone to embark on illegalities. “In the US there was a local government official who had to drive a US$3.5 Million cheque to meet a PPE supplier in a closed McDonald’s parking lot,” he drily observes, “that’s not a common situation.”
He went on to starkly point out that it’s, “unlikely members of SilverTerrier will donate their proceeds to the government or hospitals,” he stated the obvious fact, “the more money you have in a place like Nigeria, the more options you have to save yourself & your family.”
Expert at ripping off people
It was also said quite bluntly that, “if your resume includes ‘expert at ripping off people’ are we surprised that folks are going to work just as hard as they can right now?”
The perfect time
However Nigeria, is not alone “It’s pretty fair to suggest that cybercrime groups in Africa, South America & various Asian nations will follow the lead of ‘top-tier’ cyber-crime countries such as China, Russia, Iran & North Korea,” & “now is the perfect time to launch COVID-19 disinformation and cyber-crimes in all forms, and based upon the numbers I’ve seen, both defenders and attackers are working very hard.”
