The United States has officially accused cyberactors affiliated with China’s State Security Ministry of carrying out the massive Microsoft Exchange Server hack revealed in March – © AFP / FARSHAD USYAN file
Security researchers warn of a phishing campaign that targets financial services workers with links that download an “armed” Excel document. Researchers who analyzed the malware at the heart of this new wave of attacks noted that malicious Excel files can bypass malware detection systems.
This ability to evade established antiviral systems is due to the fact that the malware contains lightweight built-in macros, which makes it dangerous for organizations that depend on detection-based security and sandboxing.
The emails sent claim to be from the Johns Hopkins Center with the headline “WHO COVID-19 SITUATION REPORT”.
Weigh this new risk for Digital journal is Troy Gill, who is the Senior Director of Threat Intelligence at Zix | AppRiver.
Gill begins his review by assessing why the financial sector appears to be such a big target and why it has some inherent vulnerabilities.
Gill notes, “The financial industry is a prime target for cybercriminals who continue to find new ways to obtain the myriad organizations of sensitive customer and customer information from this industry store. “
As to why the specific attack mode was deployed, Gill speculates, “Email attackers are also increasingly using personalized phishing campaigns to target users, as we’ve seen with this email campaign. phishing where attackers exploited company published information about COVID-related job changes. provisions. “
There is a common theme to this, says Gill: “The change in tactics seen in this phishing campaign is representative of many different malware groups, all of which are constantly adapting their attacks to avoid detection. “
The extent of the threat means that mechanisms are needed to counter the threats. Here, Gill observes, “That’s why it’s important to put in place security controls that are not only robust, but also agile and adaptable to these evolving threats. “
Further, he recommends, “This attack is a great reminder for businesses to review their email security solutions. Organizations can improve their security by deploying an email security solution that can analyze incoming email for phishing campaign patterns, malware signatures, and other threat indicators, while allowing legitimate correspondence to reach its intended destination.
There is also more to do, according to Gill: “In addition to using external security services, companies need to educate employees on security best practices to help maintain organizational integrity, including by encouraging employees to report suspicious messages and attachments received by email. . “