The U.S. House of Representatives’ System Administrator has decided to temporarily suspend the use of YahooMail until further notice. The Technology Service Desk told staff through an internal e-mail on April 30. In their opinion, Yahoo was to blame for not being proactive enough in detecting mass phishing attacks.
The ban comes after an increase in phishing attacks that purport to be from known, trusted senders. The attackers use both Gmail and Yahoo, though the latter seems to be their favorite.
An extract from the e-mail reads: “The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice.”
Then the message goes on to briefly explain what a phishing attack is.
This incident follows an anonymous insider leak that ransomware had infected a computer. IT staff managed to isolate the machine within 20 minutes of the infection, so it didn’t spread. Ransomware encrypts files and demands a payment for the key. It is commonly delivered by phishing attacks. The e-mail usually comes with an attachment that seems important for the user to read.
In the current phishing season, .zip file attachments containing malicious JavaScript are being used. Another delivery method common with ransomware is a Word document that contains a macro. If the macro is carrying one of the good (bad) ransomware variants, once the document is opened, the malware is installed before the end of the page – without another click (Maktub ransomware, for example).
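A mail gateway can flag both delivery methods before the attachment reaches a user. The sketch below is an added example, not code from the House or from any product; the extension list, the size and depth limits, and the sample file names are assumptions, and the samples are inert and constructed.

```python
import io
import zipfile

SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")  # assumed blocklist of script types
MAX_DEPTH = 2                 # bound recursion into nested archives
MAX_MEMBER_BYTES = 20 << 20   # skip oversized members (zip-bomb guard)


def triage_attachment(name, data, depth=0):
    """Return findings for one attachment given its file name and raw bytes."""
    findings = []
    if name.lower().endswith(SCRIPT_EXTS):
        findings.append(f"script file: {name}")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # .docm/.docx are zip containers; VBA macros are stored in vbaProject.bin
        if any(i.filename.lower().endswith("vbaproject.bin") for i in infos):
            findings.append(f"macro-enabled Office document: {name}")
        if depth >= MAX_DEPTH:
            return findings
        for i in infos:
            path = f"{name}/{i.filename}"
            if i.is_dir() or i.file_size > MAX_MEMBER_BYTES:
                continue
            if i.flag_bits & 0x1:  # encrypted member: contents cannot be inspected
                findings.append(f"encrypted member: {path}")
                continue
            findings += triage_attachment(path, zf.read(i), depth + 1)
    return findings


def _zip(files):
    """Build an in-memory zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in files.items():
            zf.writestr(member, content)
    return buf.getvalue()


def constructed_samples():
    """Inert, constructed attachments mirroring the two delivery methods."""
    docm = _zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"placeholder"})
    return {
        "invoice.zip": _zip({"invoice.js": b"// inert placeholder"}),
        "report.zip": _zip({"report.docm": docm}),
        "notes.zip": _zip({"notes.txt": b"plain text"}),
    }
```

Legacy .doc files are OLE containers rather than zips, so this check does not cover macros stored in them.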
Before the House of Representatives attack, ransomware locked down files in police stations, hospitals and many other institutions, and increasingly moved away from the home network to specifically target business. But it is not only ransomware that phishing e-mails carry; they can carry any malware – spyware for instance. The House states that it is hardening its systems. Perhaps a refresher course in safe operating should be implemented, too – including for the Administration. Before ransomware decides to go into politics.