Phishing Attacks Becoming Harder to Detect

Email scams and phishing attacks are becoming more complex and harder to detect every day. Cyber-criminals are getting smarter and using new ways to trick their victims. One of the latest techniques is just downright nasty.

This new phishing attack vector was reported this week by Barkly. Users at one of their customers began receiving emails from known contacts they had at other organizations. These emails appeared to be a reply to an existing email thread, where users of the two organizations had been emailing back and forth.

New phishing email

As you can see, the message in the email was short – not giving the user a lot of chances for red flags. And when it is coming from a known source, it is even harder to detect! The goal was to have the end user open the Word attachment and follow the instructions to enable macros.

So what happened if they fell for it?

If the user was unlucky enough to have opened the attachment and enabled macros, then they were infected with a variant of Ursnif, one of the most active and widespread banking trojans in the world. Investigation into the attack showed that the Word document contained a macro that launched PowerShell when activated, which in turn downloaded the Ursnif payload.

Ursnif then steals the victim's credentials in a variety of ways.

And to make matters worse, the cyber criminals then use the email accounts of the victims to spread the infection by sending out more emails. Yikes!

So what can you do about it?

  • Make sure you have a strong antivirus/spam filter in place to stop these emails from even reaching your users’ inboxes.
  • Disable MS Office macros network-wide if possible.
  • Configure the endpoint security software on the workstation to catch malicious attachments.
  • Check your firewall rules to make sure this type of attachment is flagged as potentially dangerous.
  • Educate your end users about these newest attacks.
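
The chain described above (a Word macro launches PowerShell, which downloads the payload) appears in process-creation telemetry as an Office application parenting a script host. The Python below is an added example, not code from the original post or from Barkly; it goes beyond the Word-to-PowerShell case by also following intermediate processes such as cmd.exe, and the event field names, process lists and sample events are constructed assumptions.

```python
import json
from ntpath import basename  # Windows path parsing that works on any OS

# Assumed lists for this example: macro-capable Office apps and the script hosts to watch.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed process-creation events, oldest first (field names are hypothetical).
SAMPLE_EVENTS = r"""
{"host":"ws01","pid":1200,"ppid":900,"image":"C:\\Windows\\explorer.exe","cmd":"explorer.exe"}
{"host":"ws01","pid":3400,"ppid":1200,"image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","cmd":"WINWORD.EXE /n Request.doc"}
{"host":"ws01","pid":5600,"ppid":3400,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmd":"powershell.exe -WindowStyle Hidden <constructed>"}
{"host":"ws02","pid":800,"ppid":700,"image":"C:\\Windows\\explorer.exe","cmd":"explorer.exe"}
{"host":"ws02","pid":910,"ppid":800,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmd":"powershell.exe"}
{"host":"ws03","pid":2100,"ppid":640,"image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","cmd":"WINWORD.EXE /n Invoice.doc"}
{"host":"ws03","pid":2200,"ppid":2100,"image":"C:\\Windows\\System32\\cmd.exe","cmd":"cmd.exe /c <constructed>"}
{"host":"ws03","pid":2300,"ppid":2200,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmd":"powershell.exe <constructed>"}
"""

def find_office_spawned_script_hosts(lines):
    """Return one alert per script host whose ancestry contains an Office app."""
    procs, alerts = {}, []          # procs: (host, pid) -> most recent event for that PID
    for line in filter(None, map(str.strip, lines)):
        ev = json.loads(line)
        key = (ev["host"], ev["pid"])
        procs[key] = ev             # a later creation replaces an earlier one with the same PID
        name = basename(ev["image"]).lower()
        if name not in SCRIPT_HOSTS:
            continue
        chain, cur, seen = [name], ev, {key}
        while True:                 # walk parents until an Office app, a gap, or a loop
            pkey = (cur["host"], cur["ppid"])
            parent = procs.get(pkey)
            if parent is None or pkey in seen:
                break
            seen.add(pkey)
            pname = basename(parent["image"]).lower()
            chain.append(pname)
            if pname in OFFICE:
                alerts.append({"host": ev["host"], "pid": ev["pid"],
                               "chain": " > ".join(reversed(chain)), "cmd": ev["cmd"]})
                break
            cur = parent
    return alerts

if __name__ == "__main__":
    for alert in find_office_spawned_script_hosts(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The PowerShell session started from explorer.exe on ws02 is not flagged, because only script hosts with an Office application in their ancestry raise an alert.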

As always – THINK BEFORE YOU CLICK!!

