TA505 Targets Financial Enterprises With Mass-volume Phishing Campaign

BACKGROUND:

The ransomware group TA505 is trailblazing with mass-volume email attacks on financial institutions using retooled malware and exotic scripting languages. The cybercrime group is targeting financial enterprises with an email phishing campaign in which victims are directed to a fake website made to look legitimate, from which an Excel file containing a macro is downloaded. It is this macro that then downloads an MSI file, which eventually executes the MirrorBlast malware on the device.

Tony Hadfield, Director Solutions Architect
InfoSec Expert
October 21, 2021 10:24 am

We’re seeing a dramatic resurgence of malware using phishing and malicious office documents during the pandemic due to the increase in remote work. While the typical security control recommendations like network segmentation, 2FA and patching are all helpful, there’s one really simple thing organizations can do that stops ransomware hiding in malicious office documents in its tracks: code signing macros.

This can be set up once and then it’s completely frictionless; every macro is signed automatically and unsigned macros are not allowed to run. Even if an employee clicks on a malicious office document, nothing happens. It stops the malware kill chain and dramatically reduces the security risks connected with this attack vector.

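As an added illustration of the signed-macro control discussed in the comment above (not code from the article or the commenter), the following Python sketch shows how a mail or web gateway could triage OOXML attachments by whether they carry a VBA project and whether a signature part accompanies it. The function names, action labels and sample packages are hypothetical. It covers only zip-based formats such as .xlsm, and a signature part being present does not prove the signer is trusted, which still has to be verified.

```python
import io
import zipfile

# OOXML part names (lower-cased) for a VBA project and its signature parts.
VBA_PROJECT = "vbaproject.bin"
VBA_SIGNATURES = {"vbaprojectsignature.bin",
                  "vbaprojectsignatureagile.bin",
                  "vbaprojectsignaturev3.bin"}

# Hypothetical gateway actions for each classification.
ACTIONS = {"not-ooxml": "inspect-with-other-tooling",  # e.g. legacy .xls
           "no-macros": "deliver",
           "unsigned-macros": "quarantine",
           "signature-present": "verify-signer"}

def classify_macro_signing(data: bytes) -> str:
    """Classify a file by VBA project and signature-part presence."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        # Compare on the final path component, case-insensitively.
        names = {n.rsplit("/", 1)[-1].lower() for n in pkg.namelist()}
    if "[content_types].xml" not in names:
        return "not-ooxml"          # a zip, but not an Office package
    if VBA_PROJECT not in names:
        return "no-macros"
    if names & VBA_SIGNATURES:
        return "signature-present"  # presence only; validity not checked
    return "unsigned-macros"

def gateway_action(data: bytes) -> str:
    """Map the classification to the gateway's handling decision."""
    return ACTIONS[classify_macro_signing(data)]

def build_sample(parts) -> bytes:
    """Build a constructed in-memory package containing the given part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name in parts:
            pkg.writestr(name, b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    base = ["[Content_Types].xml", "xl/workbook.xml"]
    for label, parts in [("plain", base),
                         ("unsigned", base + ["xl/vbaProject.bin"]),
                         ("signed", base + ["xl/vbaProject.bin",
                                            "xl/vbaProjectSignature.bin"])]:
        print(label, "->", gateway_action(build_sample(parts)))
```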