Watch your work email for malware that can hijack your system

May 17, 2021

By Kim Komando

Business infrastructure and email systems should be of the highest priority for all companies. If hackers manage to infect corporate networks with malware, there is no telling what information they can steal.

But sometimes, even the best systems can be breached when employees aren’t careful or negligently divulge information. Over the last few months, Microsoft said that it has been tracking several spear-phishing attacks targeting companies.

A new attack has been discovered with emails designed to inject malware onto a company’s network. Once an unsuspecting employee opens it, the payload is set in motion to steal as much as it can from a company’s servers.

Here’s the backstory

Spear-phishing is when cybercriminals direct their attacks to a specific person or company, typically with spoofed company emails. Microsoft recently noticed that individuals working in the aerospace and travel sector had been targeted in the hopes of infecting their company’s network.

The malware gets onto a machine after an infected email is sent to the recipient. The mail has an image attached that poses as a PDF file attachment. Once the attachment is opened, it automatically downloads a malicious Visual Basic file that deploys a remote access tool (RAT).

To further complicate the matter, cybercriminals have been spoofing real company domains for malicious emails. This makes it seem as if the emails are coming from a real, reputable organization. But in fact, it is all part of the plan to infect as many machines as possible.

“The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo. An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads,” Microsoft explained in a tweet.
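For mail administrators, here is a triage check for the lure described above, a linked image that presents itself as a PDF. It is an added example, not code from Microsoft or from this article. The sample message, the function names and the "label mentions pdf" heuristic are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message for illustration; not taken from the campaign.
SAMPLE_EML = """\
From: "Cargo Desk" <ops@example.com>
To: employee@example.org
Subject: Updated cargo itinerary
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the attached itinerary.</p>
<a href="https://files.example.net/d/itinerary"><img src="cid:img1" alt="Itinerary.pdf"></a>
<p><a href="https://example.org/contact">Contact us</a></p></body></html>
"""

class LinkedImageFinder(HTMLParser):
    """Collect (link target, image label) for every <img> nested in an <a>."""
    def __init__(self):
        super().__init__()
        self.hrefs = []      # stack of currently open <a href> values
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.hrefs.append(attrs.get("href") or "")
        elif tag == "img" and self.hrefs:
            label = attrs.get("alt") or attrs.get("title") or attrs.get("src") or ""
            self.findings.append((self.hrefs[-1], label))

    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()

def pdf_lookalike_links(raw_message):
    """Return linked images in HTML parts whose label claims to be a PDF."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = LinkedImageFinder()
        finder.feed(part.get_content())
        # Assumed heuristic: the image's alt/title/src text mentions "pdf".
        hits += [(href, label) for href, label in finder.findings if "pdf" in label.lower()]
    return hits

if __name__ == "__main__":
    for href, label in pdf_lookalike_links(SAMPLE_EML):
        print(f"review: image labelled {label!r} links to {href}")
```

A hit means the message deserves a closer look before anyone clicks; it is not proof of malice on its own.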

What you can do about it

The details of how the attack works are highly complex and technical. But in layperson terms, once the malware makes its way onto a target machine, it worms through the corporate network.

It connects to a command and control server to install additional malware. The malware then steals corporate credentials and spies on workers through webcams. It can even copy what’s saved in a computer’s clipboard and steal private and browser information along with network details.

You might not have control over your company’s firewalls, but you can make sure that your work computer is updated with the latest patches. Check that any anti-virus software is also up to date with the latest definition files.

More ways to avoid falling victim to spear-phishing attacks:

Following these safety tips should keep your system malware-free. Just remember to confirm a text or email was sent from your boss, HR personnel or colleague before clicking links or downloading attachments. It’s always better to be safe than sorry.

https://www.komando.com/tips/cybersecurity/spear-phishing-malware/