Malicious actors continue to
craft ruthlessly aggressive email attacks tailored to leverage mounting fears
and anxieties surrounding the COVID-19 outbreak, bad guys try to exploit the
very worst fear among email recipients: the fear of infection.
Late Friday night March 27,
2020, experts started to see a new phishing email warning the recipients that
they have been exposed to the Coronavirus through personal contact with a “colleague/
friend/ family member” and directing them to download a malicious
attachment and proceed immediately to the hospital.
This email spoofs a hospital
which lends additional credibility to this particular social engineering
scheme, which is clearly designed to elicit a panicked response from readers
and override any form of rational, measured thought.
The email has a supposed Excel
file attached and is billed as a “pre-filled” form that victims
should bring with them to the hospital. In fact, that form is a
malicious, macro-laden Office document that serves as a trojan
downloader and is currently detected by only a handful of major
anti-virus applications.
Users who make the mistake of following the directions provided in that Excel file and enable macros will be kicking off a download process for a sophisticated and dangerous backdoor trojan.
This nasty piece of malware (first
reported Mar. 27, 2020) sports a number of advanced functions that
allow it to evade detection by security applications, worm its way deep into an
infested system, and serve as a platform for a variety of criminal activities.
Conclusion: Five High-Priority Recommendations
Many organisations are in the process of enabling their users to work from home securely. Apart from having and enforcing a remote work security policy, we strongly recommend deploying the following high-priority elements of these urgent projects:
- A VPN
- Single Sign On (SSO) fortified by
- Multi Factor Authentication (MFA)
- An immediate security training campaign with Consulting IT
- Fully patched machines in the cloud, the office and at the house
The COVID-19 outbreak has provided malicious actors with an unprecedented opportunity to spread widespread fears and concerns among the general public for the purposes of social engineering schemes prosecuted through malicious emails. For the bad guys, this is the ultimate in target-rich environments.
Our experience in crisis management, disaster recovery and time critical project work has proven to be the major point of difference as has our open and transparent communication.
To discuss successful partnerships and how engaging Consulting IT to maintain your IT infrastructure will:
- Reduce your Staff downtime/ Expenditure/ Stress/ Exposure and Risk
- Increase your Awareness/ Business Continuity Plans/ Backup and Disaster Recovery Systems/ Auditing and Compliance
Simply contact Corey Hill ([email protected]), National Sales and Marketing Manager.
#consultingit #flatteningthecurve #informationsecuritymanagement #scams #scammers #emailsecurity #socialengineering #informationtechnology #antivirusandmalwares #phishingattacks #informationsecurityawareness #scam #ransomwareattack #computersecurity #phishingattack #phishingemail #scamalert #cybersecuritythreats #cybercriminals #backupsolutions #cyberattack #cybersecurity #malware #trojan