CYBER SECURITY ALERT
>> KGB Infects Machines With Evil PDFs
This new threat is so sophisticated it'll accept commands from ANY OTHER attacker, totally infecting your systems with multiple threats from a single PDF…
SECURITY ALERT: New Scary Phishing Technique
The Turla threat group, a Russian-speaking group with links to the Russian Intelligence Service (KGB), is back with a nasty new phishing technique. These bad guys are sending emails with a malicious PDF payload that installs a hidden backdoor on the workstation.
The backdoor is a standalone dynamic link library that's able to install itself and interact with Outlook and other email clients. It exfiltrates data through email, which means that it evades detection by many commonly used data loss prevention products. The stolen data is enclosed in a PDF container, which also looks unproblematic to many security solutions.
Researchers at the antivirus company ESET, who have tracked this latest evolution of Turla, warned that there's no command-and-control server that can be taken down: the malware can be completely controlled via email, the data exfiltration can look entirely legitimate, and the ways in which the campaign modifies standard functions make it a stealthy and tough-to-eradicate infection.
The purpose of this malware is to monitor all incoming and outgoing emails from infected systems and to gather info about the sender, recipient, subject, and attachment name (if any). That data is then organized into logs that are sent to the Turla operators, who can then carry out their vicious attacks.
The Outlook backdoor also checks all incoming email for PDFs that might contain commands from the attackers. It will accept commands from ANY threat actor that is able to encode them in the right format in a PDF document.
What this means is that it gives ALL HACKERS access through the back door of your email system, essentially lowering the drawbridge so the soldiers can sack the castle…
If the email address to which the malware typically transmits stolen data is blocked, the hacker can recover control of the backdoor simply by sending a rogue PDF with a new C2 address.
This is really a nightmare you don't want to wake up to. Organizations should step their employees through new-school security awareness training which explains that the PDFs they're receiving may not be what they seem.
80% Spike in Business Email Compromise This Quarter
Business email compromise (BEC) attacks have spiked by 80% over the past quarter, according to a report by Mimecast. The security provider revealed that over the past three months it had blocked over 41,000 BEC attempts that went undetected by other vendors.
Business email compromise takes place when employees of an organization are manipulated into transferring large sums of money from the organization to an attacker posing as the CEO or CFO. The attack usually starts with a successful spear phishing email that grants an attacker access to the organization.
Once inside, the attacker can spend months observing the internal operations and communications of the organization. After becoming familiar with the organization’s schedule and employees, the attacker spoofs an email from the CEO to one of the employees asking them to wire money to the attacker’s account.
The FBI stated that BEC has caused the loss of over $12 billion between October 2013 and May 2018. The best way to defend against BEC attacks, according to the FBI, is to use face-to-face or voice-to-voice communication. Additionally, requiring multi-factor authentication for payments can add a layer of security, particularly if one of the authentication methods is confirmation by phone call.
Finally, increasing employee awareness of email security can prevent an attacker from gaining access to the organization in the first place. Sound policies, and employees trained to follow them, can help block BEC before it starts.
Old-school Cybersecurity awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defence.