Experts Comments: Phishing Campaign Targets Precision Engineering Company

BleepingComputer reported that attackers have targeted precision companies in Italy with phishing that is difficult to spot. The final payload is a fileless trojan that harvests credentials. The campaign used a legitimate-looking Microsoft Excel spreadsheet embedded with exploit code that moves silently to infect the computer.

Unlike the run-of-the-mill methods of infection that involve a Microsoft Office document, the cybercriminals behind this campaign did not embed malicious macro code in the Excel file, which would call for user interaction.

Instead, they opted for a stealthier variant: an exploit for a remote code execution security bug that would run automatically run code on the victim computer without user intervention as soon as the document was opened.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Nigel Stanley
InfoSec Expert
October 31, 2019 3:54 pm

Users will rarely spot such a particularly well-crafted phishing email like this, so this highlights the relentless need to patch systems and keep cyber hygiene up to scratch – boring, but necessary. The fact that the exploit had been identified and fixed 2 years ago should raise some questions in that business about their cybersecurity controls as a matter of urgency. Failing to manage cybersecurity risk could very likely impact their future orders and business.

Last edited 2 years ago by Nigel Stanley
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x