Malware Cocktail Used in Email Phishing Scams

Nowadays, crypto-ransomware is considered one of the biggest threats to enterprises, especially when it arrives through phishing email scams. Not long ago, the FBI released an advisory to businesses and organizations about Samsam ransomware, which encrypts files not only on the infected machine but across the whole network as well.

Spear phishing is a targeted form of phishing designed to trick a specific person into divulging access credentials or clicking on malicious links. In the past, it was largely employed by espionage campaigns; however, things have changed since then. The FBI claims that in 2013, cybercriminals used spear phishing schemes on 17,642 victims, causing about $2.3 billion in damages.

A while ago, security experts reported that a threat actor group named TA530 has been targeting executives and other high-level employees, attempting to compromise their computers with different types of malware. The group is known to use CryptoWall, a ransomware variant that encrypts valuable data and demands a hefty fee to decrypt the files. Other threats the group uses are the Ursnif ISFB banking trojan and Ursnif/RecoLoad, a point-of-sale (PoS) reconnaissance trojan used to attack the retail and hospitality industries.

Usually, these spear phishing attacks use spoofed emails: the attacker first sends an email pretending to be from the CFO to a manager or someone in the finance department. If the employee responds, the attackers gather information from the victim and then stage a malicious funds transfer request. Finally, the attacker prompts the victim to transfer the funds to a bank account, using language copied from the phished email threads.

In other cases, cyber criminals impersonate supplier companies and issue bogus invoices to the CFO. Once the funds are wired over, they are moved through other bank accounts to make the transactions difficult to trace.

The so-called BEC (business email compromise) scheme relies on information-stealing malware that is usually sent to targets as an email attachment, much like an ongoing campaign that uses a simple keylogger to cause substantial damage to its targets. Last March, Olympic Vision became the fourth malware family seen in a BEC campaign, and it was found to have targeted 18 companies in the USA, the Middle East, and Asia.

Security reports state that Olympic Vision feigns legitimacy and urgency and is sent to an employee as an email attachment. Once the attachment is opened, a backdoor is installed and the malware infects the system, stealing critical information.

For instance, companies like Snapchat, Seagate, and Sprouts Farmers Market were among the businesses victimized by the above-mentioned type of scam. During the same month, Pivotal Software was also hit by a breach via a phishing scheme, which leaked tax information belonging to an undisclosed number of employees.

In addition, the FBI advised organizations to use multi-factor authentication in their financial processes and to scrutinize communications involving financial business transactions. Victims of such malware should also inform both their banks and the FBI immediately.
