IcedID Banking Trojan: Expert Perspective

ISBuzz Team
Aug 17, 2020

A cybersecurity expert provides insight below on the IcedID banking trojan and why it is an interesting piece of malware.

Chloé Messdaghi, VP of Strategy
August 17, 2020 4:16 pm

IcedID is a particularly interesting malware in that it first checks to see if a victim is working in a virtual environment or a debugged environment. It actually looks for that configuration automatically and, if you’re not, then the malware continues to do the work it was set up to do – inject malicious code.

With regards to the content of the phishing emails, these give us a couple of good reminders that should be shared with employees:

Macros should not be enabled by default. If a document ever asks you to enable them, verify with the sender first. Making a request to enable macros should raise a flag.
Same thing with a .zip file. Always double-check with the sender before opening a .zip file. Just reach out real quick – it’ll save you from potentially having a really bad day.

These attackers are using the current COVID-19 pandemic to their advantage, and this is the human nature side of cybersecurity. We’re all a little scared because we feel completely out of control. So you have people who are already mentally overwhelmed, and then an email comes through related to that same topic people are overwhelmed with (COVID-19), and that makes it a lot easier to get people to click. Bad actors usually need to put some kind of effort into researching how to get their victims to click: what would strike them enough on an emotional level? With COVID-19, there’s this one thing that everyone is so passionate about and obsessed with. It makes sense how easy it is to get people to fall for it.
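The "macros should not be enabled by default" advice above can be enforced rather than left to each user. The following is an added example, not code from the article or its commentator; it assumes Office 2016/2019/365 (the 16.0 registry hive) and writes the per-user Office policy keys, which an administrator would normally deploy via Group Policy instead.

```powershell
# Added example (not from the article): turn the "macros off by default" advice
# into Office policy. Assumes the 16.0 hive (Office 2016/2019/365) and per-user
# policy under HKCU; adapt the path to HKLM for a machine-wide setting.
$apps = @('Word', 'Excel', 'PowerPoint')
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Set-OfficeMacroPolicy {
    foreach ($app in $apps) {
        $key = Join-Path $base "$app\Security"
        New-Item -Path $key -Force | Out-Null
        # VBAWarnings: 1 = enable all, 2 = disable with notification (the
        # "Enable Content" bar that phishing lures ask users to click),
        # 3 = disable all except digitally signed, 4 = disable without notification.
        Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 3 -Type DWord
        # Block macros outright in files carrying a Mark-of-the-Web, i.e. anything
        # downloaded or saved from an email attachment, regardless of user choice.
        Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
    }
}

function Get-OfficeMacroPolicy {
    # Audit view: shows the effective policy values per application so a
    # missing or drifted setting is visible at a glance.
    foreach ($app in $apps) {
        $key = Join-Path $base "$app\Security"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App               = $app
            VBAWarnings       = $props.VBAWarnings
            BlockFromInternet = $props.blockcontentexecutionfrominternet
        }
    }
}

Set-OfficeMacroPolicy
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

With these values in place, a document that arrived as a .zip or email attachment cannot run its macros even if the user is talked into clicking "Enable Content", which removes the decision the phishing lure depends on.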

