Forcepoint X-Labs have recently been dealing with invoice-themed campaigns that use a more advanced infection chain than is usually seen. It relies on a special data exchange between different Microsoft Office document formats, and the techniques used showcase a very high level of knowledge of that domain.
Expert Comments
After nearly 2 years under the radar, Zloader resurfaced last May disseminating a widespread COVID-19 themed campaign. The multi-purpose malware, which is a descendant of Zeus, acts as a banking trojan with the capability to disseminate other powerful tooling such as ransomware.
The strain capitalises on the current fears and concerns of the public to enhance the success of its campaigns. It seems this recent campaign is no different, utilising the concluding tax year to socially engineer its targets and optimise potential returns.
While this technique is nothing remarkable or new, the best precaution we can take on both an individual and organisational level is to stay alert to global events and occurrences which could be adopted by adversaries to lure in potential victims. Consistently question and research incoming emails; if something seems too good to be true, it most likely is.
Natalie Page, Cyber Threat Intelligence Analyst
https://informationsecuritybuzz.com/expert-comments/advancements-in-invoicing-a-highly-sophisticated-way-to-distribute-zloader
Although the MHTML attack described is more sophisticated than most invoice phishing schemes, it still relies on the user to download and open a Microsoft Office document with macros enabled. Even though the actual attack attempts to bypass many security mechanisms, it can still be prevented by following simple security guidelines. Never click on links or attachments in unsolicited messages. Do not allow macros to run on untrusted MS Office documents. At this time of year, be particularly wary of tax-related phishing messages.
Paul Bischoff, Privacy Advocate
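The advice above to not let macros run in untrusted Office documents maps to two per-user settings that an administrator can audit and enforce. The script below is an added example written for this page; it is not code from Forcepoint, Information Security Buzz or any of the commenters. It assumes Office 2016 or later (registry hive version 16.0) and inspects only the current user's hive (HKCU); the value names VBAWarnings and blockcontentexecutionfrominternet are Microsoft's documented Trust Center and policy settings. Run it without switches to report the current state, or with -Enforce to write the hardened policy values.

```powershell
# Added example (not from the page or its commenters): audit, and optionally
# enforce, the per-user Office macro policy the commentary refers to.
# Assumption: Office 2016+ (hive "16.0") and per-user (HKCU) settings only;
# machine-wide HKLM policies are not inspected here.

[CmdletBinding()]
param(
    [switch]$Enforce,                 # write the hardened policy values
    [string]$OfficeVersion = '16.0'   # registry hive version for Office 2016/2019/365
)

$apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings value (Trust Center > Macro Settings)
$vbaWarningsText = @{
    1 = 'Enable all macros (weak)'
    2 = 'Disable all macros with notification (user can still click Enable Content)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification (strongest)'
}

# Read a registry value, returning $null when the key or value is absent
function Get-RegValue {
    param([string]$Path, [string]$Name)
    if (Test-Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

foreach ($app in $apps) {
    $userKey   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"

    # A policy value (set by Group Policy or an admin) overrides the user's own
    # Trust Center choice, so check the policy key first.
    $warn = Get-RegValue $policyKey 'VBAWarnings'
    if ($null -eq $warn) { $warn = Get-RegValue $userKey 'VBAWarnings' }
    $block = Get-RegValue $policyKey 'blockcontentexecutionfrominternet'
    if ($null -eq $block) { $block = Get-RegValue $userKey 'blockcontentexecutionfrominternet' }

    $warnText = if ($null -eq $warn) {
        'not set (Office default: disable all macros with notification)'
    } else {
        $vbaWarningsText[[int]$warn]
    }
    $blockText = if ($block -eq 1) { 'blocked' } else { 'NOT blocked' }

    Write-Host ("{0,-10} VBAWarnings={1,-4} {2}" -f $app, $warn, $warnText)
    Write-Host ("{0,-10} macros in files downloaded from the internet or saved from email: {1}" -f '', $blockText)

    if ($Enforce) {
        # Hardened setting: only digitally signed macros may run, and macros are
        # blocked outright in files that carry the Mark-of-the-Web.
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name 'VBAWarnings' -Value 3 -Type DWord
        Set-ItemProperty -Path $policyKey -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
        Write-Host ("{0,-10} policy written: VBAWarnings=3, blockcontentexecutionfrominternet=1" -f '')
    }
}
```

The report line that matters most is the "NOT blocked" case for files downloaded from the internet: a document arriving as an email attachment or via a download link carries the Mark-of-the-Web, and with that value set to 1 the Enable Content bar that this phishing chain depends on is never offered for such files. In a managed environment the same two values are normally deployed through Group Policy rather than per user, which this script leaves to the administrator.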
This modified attack will likely be in heavy use during this U.S. tax season, as some strains pose as new tax information from the Internal Revenue Service, enticing unknowing victims to open the email and the malicious file attachment. While services such as Forcepoint can offer some protection against these types of attacks, employee education remains an important tool in the battle against these email attacks that use malicious links and attachments to infect users' computers and networks.
Chris Hauk, Consumer Privacy Champion
Cases like this teach us one thing: never open an attachment addressed from an untrustworthy or unknown source. Of course, the issue is then how we figure out what is a trustworthy or known source. Today, attackers are putting more and more effort into designing convincing phishing emails, therefore making their detection harder than ever. This is why the campaign with ZLoader can be quite successful, especially when people are currently working on their taxes and might expect an email from the IRS.
Individuals should always refrain from opening any attachments. They should think about why they are being contacted, and question whether they expect a document from the IRS through email. Often, when opening a document, you might not notice anything wrong. However, the document will drop a malicious payload that will contact the command-and-control server and infect your system.
Boris Cipot, Senior Sales Engineer