Business infrastructure and email systems should be of the highest priority for all companies. If hackers manage to infect corporate networks with malware, there is no telling what information they can steal.
But sometimes, even the best systems can be breached when employees aren’t careful or negligently divulge information. Over the last few months, Microsoft said that it has been tracking several spear-phishing attacks targeting companies.
A new attack has been discovered with emails designed to inject malware onto a company’s network. Once an unsuspecting employee opens it, the payload is set in motion to steal as much as it can from a company’s servers.
Here’s the backstory
Spear-phishing is when cybercriminals direct their attacks to a specific person or company, typically with spoofed company emails. Microsoft recently noticed that individuals working in the aerospace and travel sector had been targeted in the hopes of infecting their company’s network.
The malware gets onto a machine after an infected email is sent to the recipient. The mail has an image attached that poses as a PDF file attachment. Once the attachment is opened, it automatically downloads a malicious Visual Basic file that deploys a remote access tool (RAT).
To further complicate the matter, cybercriminals have been spoofing real company domains for malicious emails. This makes it seem as if the emails are coming from a real, reputable organization. But in fact, it is all part of the plan to infect as many machines as possible.
“The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo. An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads,” Microsoft explained in a tweet.
“In the past few months, Microsoft has been tracking a dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.” (Microsoft Security Intelligence, @MsftSecIntel, May 11, 2021)
What you can do about it
The details of how the attack works are highly complex and technical. But in layperson’s terms, once the malware makes its way onto a target machine, it worms through the corporate network.
It connects to a command and control server to install additional malware. The malware then steals corporate credentials and spies on workers through webcams. It can even copy what’s saved in a computer’s clipboard and steal private and browser information along with network details.
You might not have control over your company’s firewalls, but you can make sure that your work computer is updated with the latest patches. Check that any anti-virus software is also up to date with the latest definition files.
More ways to avoid falling victim to spear-phishing attacks:
- Refrain from opening emails if you don’t know the sender. This bears repeating, as it’s one of the easiest ways to avoid getting suckered into a phishing campaign. If you never open the malicious message, it cannot hurt you.
- Never download attachments unless you’re 100% sure of the contents. Even if an email allegedly comes from a boss or colleague, it’s worth giving them a phone call to make sure they actually sent the attachment. Email attachments are one of the most common vectors for malware installation, after all.
- Always check the sender’s email domain. If the email claims to come from a trusted source, make sure to look at the sender field. If the address comes from a domain that doesn’t match, that’s as big a red flag for phishing as any.
- Don’t click unknown links in emails. Just like with attachments, it’s worth getting in touch with the email’s sender to make sure you’re not visiting any malicious or dangerous websites.
- Check the URL for any site you visit. You can do this by hovering your cursor over a link before clicking on it. This doesn’t just apply to links from emails, but anywhere else you visit on the web. If a URL appears mismatched to the page’s contents, get as far away as you can.
- If an email or website asks for personal data or login information, ignore it. Most businesses and platforms will never ask for your information point-blank and will usually give you the option to reset these things yourself.
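A mail-triage check for the lure described above (an image posing as a PDF that wraps a download link), combined with the sender-domain tip. Because the campaign spoofs real domains, it also reads the receiving server's authentication verdict instead of trusting the From field alone. This is an added example, not code from Microsoft or the original article; the sample message, its domains and the `triage` function are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real campaign e-mail; all domains are placeholders.
SAMPLE_EML = """\
From: Cargo Desk <ops@airline.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the attached itinerary.</p>
<a href="https://files.webservice.example/d/itinerary"><img src="cid:doc" alt="Itinerary.pdf"></a>
<a href="https://airline.example/help">Help</a></body></html>
"""
DOC_HINT = re.compile(r"\.(pdf|docx?|xlsx?)\b", re.I)  # image label that names a document

class LinkedImages(HTMLParser):
    """Collect (href, label) for every <img> nested inside an <a href>."""
    def __init__(self):
        super().__init__()
        self.href, self.hits = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")
        elif tag == "img" and self.href:
            label = f"{a.get('alt') or ''} {a.get('src') or ''}"
            self.hits.append((self.href, label))
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = msg["From"].addresses[0].domain.lower()
    findings = []
    # Simplified: production code should trust only its own gateway's header and DMARC alignment.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("sender-unauthenticated")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkedImages()
    parser.feed(body.get_content() if body else "")
    for href, label in parser.hits:
        host = (urlparse(href).hostname or "").lower()
        if DOC_HINT.search(label) and host != from_dom and not host.endswith("." + from_dom):
            findings.append(f"image-posing-as-document -> {host}")
    return findings
```

Calling `triage(SAMPLE_EML)` reports both the unauthenticated sender and the linked image whose label names a PDF but whose link leaves the sender's domain.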
Following these safety tips should keep your system malware-free. Just remember to confirm a text or email was sent from your boss, HR personnel or colleague before clicking links or downloading attachments. It’s always better to be safe than sorry.