Tactics of the Attacker – New European Spear Phishing Campaign

Cyber criminals are taking ransomware to a new level. The BBC is reporting that consumers' personal information is being stolen from unsecured databases. See here for details:

http://www.zdnet.com/article/new-phishing-attack-knows-your-address-and-brings-ransomware/

That data is then used to create carefully crafted spear phishing emails. The emails have names, addresses, etc. of the user. The email comes in the form of a collection letter, demanding money for an unspecified service or overdue bill. The email looks legitimate. It even uses the company names of known collection agencies! Included in the email is a payment link which, if clicked, opens a doc file which downloads the ransomware. This scam has not yet been seen in the US, but it is just a matter of time. Personally Identifiable Information, or PII, is not secure on many databases.

Please see our previous blog for more information: https://layer8cybersecurity.com/caveat-emptor/

What’s new in this latest scam is the very detailed personal information the cyber criminals use to craft the spear phishing email. There is also a time window to pay: the longer the victim waits to pay, the more it will cost.

The malware is a new version of Maktub Locker. See here for more details:

https://blog.malwarebytes.org/threat-analysis/2016/03/maktub-locker-beautiful-and-dangerous/

CNET labs have called this malware “beautiful and dangerous”. The malware does not need an internet connection to function. The email is retrieved but left unopened. Hours later, when the user opens the email and clicks on the embedded link, the malware activates. The malware uses a fake user agreement or other legitimate-looking .doc file, and while the user is reading the doc, the malware downloads.

Cyber criminals are becoming more sophisticated in their social engineering skills to craft spear phishing emails. Users must adopt a defensive frame of mind and excellent cyber hygiene:

  • Do not open suspicious email
  • Do not click on embedded links or files contained within suspicious emails
  • Always verify an email is from the listed sender
    • Hover the cursor over the sender to ensure names and URLs match
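
The "hover" check in the last bullet can also be run automatically over a saved message. The sketch below is an added example, not code from the original post or from any tool it mentions: it compares the domain shown in the sender's display name with the real address, and the address shown as link text with the link's actual target. The sample message and all domains are constructed, the message is assumed to have a From header, and the subdomain comparison is a simplification.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every name and domain is made up (.test is reserved).
SAMPLE = """\
From: "accounts@example-collections.test" <billing@mail-payments.test>
Content-Type: text/html; charset="utf-8"

<a href="http://files.mail-payments.test/invoice.doc">https://www.example-collections.test/pay</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a> and read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL, else first domain-like token, else ""
    if "://" in value:
        return urlparse(value.strip()).hostname or ""
    m = re.search(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", value, re.I)
    return m.group(1).lower() if m else ""

def same_site(a, b):  # simplification: equal, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_email(raw):
    """List the places where what the reader sees differs from the real target."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    pairs = [("sender", sender.display_name, sender.domain)]
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    pairs += [("link", text, href) for href, text in collector.links]
    hosts = [(kind, host_of(shown), host_of(actual)) for kind, shown, actual in pairs]
    return [f"{kind}: shows {seen}, really goes to {real}"
            for kind, seen, real in hosts if seen and real and not same_site(seen, real)]
```

Running check_email(SAMPLE) reports both the sender mismatch and the link mismatch; a message whose display name and link text agree with the real address and target returns an empty list.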

If you are interested in learning more about spear phishing, cyber crimes, cybersecurity and how to create a resilient business, please contact us at: contact@layer8cybersecurity.com