Anthony gave us an overview of the world of cybersecurity. The most important step you can take is to be aware of the risks and dangers that exist in our world full of technology. Hackers are neither movie characters nor kids messing around; they are criminals. At this moment, they are targeting YOU! Always keep in mind the one basic principle of cybersecurity: Be Careful. Forewarned is Forearmed!
Speaking of movie characters... does anyone else miss Elliot? (Mr. Robot)
Get Your VBA Stomp On!
A clever new wave of phishing attacks proves that malicious, macro-enabled attachments can still bypass security tools and pack a serious punch under the right conditions.
The attacks, recently spotted by researchers at FireEye, targeted financial services organizations in the United States, tricking them into downloading and deploying a backdoor that gives attackers full control of the victim’s environment.
What is VBA stomping?
VBA stomping is a technique attackers use to manipulate VBA source code in Microsoft Office files and hide malicious code in the file’s pseudo-code (or p-code). Security tools that only check the VBA code of the file may not recognize the macro-enabled functionality and may fail to flag a malicious file. In this scenario, the email above could land in a user’s inbox or be opened without an antivirus warning.
What does this mean for your organization?
It is possible that your antivirus software will catch a VBA-stomped file or that your most cyber-aware user will notice the red flags if the phishing email manages to reach their inbox. However, this attack serves as a reminder that cybercriminals operate on the playing field set up by your business technology and security tools. In this case, exploitable elements in Office files and a way to coax a benign antivirus assessment provide hackers with a roadmap to exploit an unsuspecting user.
It’s impossible to know where future attacks will come from or whether your existing infrastructure can protect against them all. That’s what makes training and empowering you so important. You need to be able to recognize and report the security threats that reach your inbox.
Common Types of Phishing Attacks (Part 1)
Below are the first two (of six) most frequent types of phishing attacks as reported by some of our Skilled Phish Hunters. Be sure to stay on the lookout, and watch for Part of this post soon!
- Appears to come from a well-known company like Netflix and asks you to sign in and correct an issue with your account
- Link points to a website pretending to be a company’s legitimate site and asks for your login credentials
- TIP: Do not click any links in the email — directly log in to your account by typing the address into your web browser. If you are unable to log in, contact the service using official contact information.
CLOUD FILE SHARING
- Contains a link to what appears to be a shared file on Google Docs, Dropbox or another file-sharing site
- Link points to a page pretending to be a file-sharing site and requests you log in
- TIP: Do not click any links in the email. Instead, log in to your account and find the shared file by name. Remember to verify sender identity and use established cloud file-sharing services.
Amex, Chase fraud-protection emails used as phishing lure
A new phishing campaign pretends to be fraud-protection emails from American Express and Chase. The fraudulent emails ask recipients to confirm if the listed credit card transactions are legitimate. Upon clicking No, the victims are directed to a fake login page that steals their banking credentials.
Read more… https://www.bleepingcomputer.com/news/security/amex-chase-fraud-protection-emails-used-as-clever-phishing-lure/
On March 3rd we will learn how to spot the bait as Anthony guides his friend Cecil through the dangers of phishing. Is this actually a very exciting email from the boss, or is it just another hacker’s trap?