Security researchers are warning about a phishing campaign that is targeting employees in financial services using links that download a ‘weaponized’ Excel document. Researchers who have analyzed the malware at the heart of this new attack wave have noted the malicious Excel files can bypass malware-detection systems.
The files slip past established antivirus systems because the malware contains lightweight embedded macros, which makes it dangerous for organizations that depend on detection-based security and sandboxing.
The emails claim to come from the Johns Hopkins Center and bear the title “WHO COVID-19 SITUATION REPORT”.
Weighing up this new risk for Digital Journal is Troy Gill, who is the Senior Manager of Threat Intelligence at Zix | AppRiver.
Gill begins by considering why the finance sector appears to be a big target and why it has some inherent vulnerabilities.
Gill notes: “The financial industry is a top target for cybercriminals who continue to find new ways to obtain the endless sensitive client and customer information organizations in this industry store.”
As to why the specific mode of attack has been rolled out, Gill speculates: “Email attackers are also increasingly using customized phishing campaigns to target users as we saw with this phishing campaign where attackers exploited company-issued information about COVID-related changes to working arrangements.”
There is a common theme to this, says Gill: “The shifting of tactics seen in this phishing campaign is representative of many different malware groups, all of whom are constantly adapting their attacks to avoid detection.”
The extent of the threat means that mechanisms are needed to counteract it. Here Gill observes: “This is why it is important to have security controls in place that are not just robust but also nimble and adaptable to these ever-evolving threats.”
Furthermore he recommends: “This attack is a great reminder for companies to examine their email security solutions. Organizations can improve their security posture by deploying an email security solution that’s capable of scanning incoming email messages for phishing campaign patterns, malware signatures, and other threat indicators—all while allowing legitimate correspondence to reach its intended destination.”
There is more to do as well, according to Gill: “In addition to utilizing outside security services, companies need to educate employees on security best practices to help maintain the integrity of the organization including encouraging employees to flag suspicious messages and attachments received via email.”