Password Manager Malware Tricks Users Into Revealing Their Passwords

There’s a new threat making the rounds called ‘Metamorfo’ that you should be aware of. The malware began its life as a banking trojan.

This news is from researchers at Fortinet, who report that the malicious code has recently gotten some upgrades that make it particularly nasty.

Like many similar programs, this one finds its way onto target machines by way of phishing emails. In this case, the vehicle of choice seems to be emails that claim to have an invoice attached in the form of a Microsoft Word document.

If a user receives this email and opens the ‘invoice’ he or she will be informed that the message cannot be properly displayed without enabling macros. Of course, enabling macros is the mechanism that allows Metamorfo to be installed on the target device.

Once installed, the malicious code will first check to be sure it’s not running in a sandbox or virtual environment. Once it has confirmation that it is not, it will run its AutoIt script execution program, which it uses to evade detection by antivirus programs that may be running on the target system.

Safe from detection, it will then shut down any browser sessions that may be running and prevent any new browser windows from using the auto-complete function when entering passwords. It then begins prompting the user to manually enter their passwords. When they do, the keystrokes are captured and sent to a command and control server that the hackers control. It’s a fiendishly clever way of making sure the hackers harvest as much password information as possible from each system they infect.

Be very wary of opening attachments from any unknown and untrusted source and make sure all your systems are fully patched and up to date. It’s not a perfect solution, but it will certainly minimize your risk.

Financial Organizations Beware Of Documents Asking To Enable Content

If you work in the financial sector, be advised that there’s a large-scale botnet-driven malware campaign underway. It has been targeting firms in both the US and the UK.

The malware at the heart of the campaign is Emotet, which began life as a banking trojan, but it has morphed into something quite different in recent times.

It’s now a full-fledged botnet and its creators are leasing it out to anyone who can pay.

Make no mistake, the latest configuration of Emotet isn’t a threat to be taken lightly. Last year, it accounted for almost two-thirds of malicious payloads delivered via phishing attacks. The malware was heavily used throughout much of 2019, suffered a marked decline during December, and then came roaring back to the fore in January of 2020.

While the major thrust of this latest campaign is aimed at financial institutions, a small number of attacks have been made against companies in the media, transportation, and food industries.

The campaign is being conducted largely by phishing emails that contain a Microsoft Word document that pretends to be an invoice for a service recently rendered. The email subject line varies, but in all cases it mirrors the invoice and/or bank details.

Naturally, if a recipient attempts to open the invoice, he or she will get a popup box indicating that macros must be enabled in order to properly view it. If the recipient clicks the button to enable macros, the malicious payload will be installed.

This is a time-tested and reliable method of getting malicious code onto target machines. It’s been around for years, but it’s still in use because it’s so effective. Make sure your employees are aware of the threat and stay vigilant. If the early indications mean anything, 2020 is going to be a very trying year.
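Both the Metamorfo and Emotet campaigns above deliver a Word “invoice” that only does its damage once macros are enabled, so one practical mail-gateway check is to look inside the attachment for a VBA project rather than trusting its file extension. The following is an added example, not code from the article or from either research team; it handles modern OOXML containers (.docx/.docm/.xlsx/.xlsm), which store macros in a `vbaProject.bin` part, and the sample documents it builds are constructed stand-ins, not real files. Legacy OLE2 `.doc` files use a different container and would need a separate parser.

```python
import io
import os
import zipfile

# In OOXML, an embedded VBA project lives in a part named vbaProject.bin and is
# declared with this content type in [Content_Types].xml.
VBA_PART_SUFFIX = "vbaProject.bin"
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
# Extensions that should never carry macros; a VBA part under one of these is suspicious.
MACRO_FREE_EXTENSIONS = {".docx", ".xlsx", ".pptx"}


def has_vba_project(data: bytes) -> bool:
    """Return True if the OOXML container holds a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.endswith(VBA_PART_SUFFIX) for n in names):
                return True
            # Fall back to the declared content types in case the part was renamed.
            if "[Content_Types].xml" in names:
                return VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        pass  # Not OOXML (e.g. legacy OLE2 .doc); out of scope for this check.
    return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'clean', 'macro', or 'macro-extension-mismatch' for an attachment."""
    if not has_vba_project(data):
        return "clean"
    ext = os.path.splitext(filename)[1].lower()
    if ext in MACRO_FREE_EXTENSIONS:
        return "macro-extension-mismatch"  # macro-free extension hiding a VBA project
    return "macro"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip for testing (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder VBA blob")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in [("invoice.docm", True), ("invoice.docx", True), ("invoice.docx", False)]:
        print(name, "->", classify_attachment(name, build_sample(macro)))
```

In a gateway, anything other than `clean` would be quarantined or routed for review; enabling macros is the user action the attachment depends on, so stopping it before delivery removes that step entirely.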

New Malware Sends Offensive Texts From Your Phone

Malware tends to be at its most effective when it exists in secret, under the radar. This is what allows malicious code to burrow deep into an infected system and capture a wide range of data. It’s what allows cryptojacking software to quietly siphon off computer power to mine for various forms of cryptocurrency, which makes money for the malicious code’s owners. Secrecy is typically seen as a very big deal.

Then there’s the malware called Faketoken, which has recently been upgraded with enhanced capabilities that throw all that out the window. The latest version of the malware adds insult to injury by sending out offensive, expensive, or overseas text messages after milking as much money out of an infected system as it can. It’s such a departure from hacking norms that it caught researchers at Kaspersky Lab by surprise when they saw it.

Researchers have been tracking Faketoken’s ongoing development since it first made the “Top 20 Most Dangerous Banking Trojans” list in 2014.

Since that time, the code’s owners have added a raft of capabilities to the malware, including:

  • The ability to steal funds directly, rather than relying on other Trojans bundled with it to do the heavy lifting
  • Using phishing login screens and overlaid windows designed to dupe mobile users into entering their account credentials, handing them straight to the hackers
  • The ability to act as ransomware, encrypting files and demanding payment

Sending out offensive texts is an oddly amusing addition to malicious code like this. However, there may be a method to the apparent madness of the people behind the code. It is, after all, a fantastic way to advertise the code’s effectiveness.

Ultimately, the only people who know the true purpose behind this new functionality are the hackers themselves, but we may well be looking at the leading edge of a new trend in malware. Stay tuned.

Phishing Emails Are Becoming Even Harder To Identify

According to data collected by Microsoft, phishing emails accounted for 0.62 percent of all inbox receipts in September 2019.

That’s up from 0.31 percent just one year prior to that.

The increase is alarming of course, but at first glance, these look like fairly harmless numbers.

Unfortunately, last year phishing emails targeting business owners (BEC, or Business Email Compromise) cost companies around the world more than a billion dollars. That fact makes the year-over-year increase terrifying.

The reason BEC campaigns are so successful and so expensive for businesses is that the scammers tend to impersonate CEOs and other high-ranking corporate officials. When you get an email that by all outward appearances comes from your boss, and it’s marked urgent, you tend to respond right away. That’s exactly what the scammers are counting on.

Even worse, scammers have gotten increasingly good at crafting their emails. It has reached the point that even IT professionals have been taken in by them in some cases. They’ve been unable to spot the subtle differences between a scammer’s email impersonating a CEO and an email from the CEO himself. If an IT professional gets taken in, what hope is there for a busy HR employee or someone from the accounting office who doesn’t face those types of threats on a daily basis?

Given the rapid increase in the number of well-crafted phishing emails, this is a serious, legitimate concern. Unfortunately, you can bet that the scammers, bolstered by their own success, will be even more prolific.

If there’s a silver lining here it is this: Microsoft reports that taking the simple step of enabling two-factor authentication across the board is an effective countermeasure. Phishing attacks tend to be automated, and 2FA blocks 99.9 percent of automated attacks. If you’re not currently using it everywhere, you’re putting yourself at unnecessary risk.

Employees Targeted By Hackers Posing As HR Department

Just when you think scammers couldn’t get any lower, they find new ways to prove you wrong. Recently, a new phishing scam has been spotted in the wild, this one baiting potential victims with the possibility of pay raises.

The scammers structured their emails so that they appeared to come from the Human Resources department of their victims’ companies.

They asked the recipient of their phishing email to open an Excel spreadsheet bearing the name “salary-increase-sheet-November-2019.xls.” A link to the remotely hosted spreadsheet was naturally provided.

The body of the email explained that “The Years Wage increase will start in November 2019 and will be paid out for the first time in December, with recalculation as of November.” Needless to say, this tends to catch most people’s attention. After all, who doesn’t want a raise, right?

If a recipient clicked on the link, he or she would then be asked to provide Office 365 login credentials in order to see the file. Of course, the file contains dummy data and has nothing to do with getting a raise; it’s simply a useful hook to get an unwitting user to hand over their credentials.

The scammers not only constructed a convincing-looking email, but their fake Office 365 login screen also looks exactly like a legitimate one. This goes far in explaining the campaign’s unusually high success rate.

The researchers who have been following the issue urge Office 365 users to enable multi-factor authentication via Office 365 or a third-party solution. They also encourage business owners to enroll their staff in phishing awareness training programs designed to help employees spot and report phishing attempts more easily.

Be on high alert for this one. So far it has proved to be a highly effective campaign.