You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

'Massive' COVID-19 Phishing Campaign Exploits Excel

As pandemic continues, cyber criminals are thriving on confusion and concern.

Cyber criminals love this pandemic. They continue making money at our expense.

This particular attack has gotten so bad that Microsoft issued a warning to users. In this widespread Phishing campaign, attackers send legitimate-looking emails referencing COVID-19 (see more here) to trick users into opening an attachment.

The emails claim to originate from The Johns Hopkins Center with titles like "WHO COVID-19 SITUATION REPORT."

The attached spreadsheet includes statistics about Coronavirus cases. While it looks like real data, this file secretly contains a hacker payload in the form of malicious macros.

We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. -Microsoft Security Intelligence

So what does this mean?

Hackers included malicious Excel macros that launch NetSupport Manager under their control. To be sure, NetSupport is a legitimate tool for remote desktop control. The problem is that it can be badly abused by hackers. (also like this)

The NetSupport RAT (Remote Access Tool) connects to a C2 server to administer more commands.

Once in control of the NetSupport desktop application, attackers can launch any form of attack they desire: including installing keyloggers, exfiltrating data and ransoming the network.

This is a very 'smart' attack, but it's important to not get stuck on the complexity of the payload. As with nearly every attack, this all starts with well-crafted Phishing emails. Even if you keep your macros blocked by default, it's all too easy to allow them when prompted.

The unfortunate reality is that attackers will continue targeting your employees with crafty Phishing emails.

Are you ready to take action?
Start with booking quick call to learn how INFIMA's Automated Security Awareness platform easily instructs and tests your team.

To get a quote, set up a call with our (non-pushy) team here!

Original article here.
[https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html]

Security
Joel Cahill

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.

You might also like

Pay a $1.7 Million Ransom or Else...

Pay a $1.7 Million Ransom or Else...

Hackers are getting smarter. To improve their chances of getting paid, hacker groups have added data exfiltration to their Ransomware. At best, this dramatically raises recovery costs, and at worst, causes irreparable damage to victims. Here's the latest story: After the infamous Maze Ransomware crew compromised New Jersey-based MDLab, they

Joel Cahill
Joel Cahill
Healthcare
FDIC Warns of Heightened Cyber Security Risks

FDIC Warns of Heightened Cyber Security Risks

The FDIC responded to increasing geopolitical risks (i.e. Iran post-Soleimani), with a statement "to remind supervised financial institutions of sound cybersecurity risk management principles." Financial institutions have recently faced fines and sanctions for avoidable cyber attacks. [Criminals] often obtain access to financial institution systems and networks by compromising user

Joel Cahill
Joel Cahill
Financial Services

Featured Posts

CIS Control 14 and Security Awareness Training

CIS Control 14 and Security Awareness Training

Let's Dig In: Security Awareness & Compliance

Let's Dig In: Security Awareness & Compliance

Cyber Insurers Tighten Requirements

Cyber Insurers Tighten Requirements