
How Malware-Embedded Malicious Invoices and Purchase Orders Exploit Organizations (Part I)

Rishika Desai
Oct 20, 2024

You have probably read many articles whose mitigation advice is to not download any PDFs or documents that land in your inbox from unknown sources. Ever wondered what happens if you do?

A post on a cybercrime forum highlights some of the methods used and why industries such as logistics, manufacturing, healthcare, and product-based businesses are often targeted by malicious phishing emails: these emails capitalize on the trust and speed of business communications.

So here’s how malicious invoices and purchase orders exploit organizations and how the attack process unfolds, from lead generation to system compromise.


Step 1: Targeting High-Privilege Individuals

To initiate the scam, the threat actor first gathers leads on high-privilege individuals within the targeted organization. The leads are taken from various aggregators and official websites, or purchased through data brokers operating on the dark web.

Executives and staff members with access to critical systems are primarily targeted because of their access privileges. Targeting is not necessarily limited to them, but they are the preferred targets for credential theft or malware attacks.

Step 2: Initial…
