Client Portal
Schedule a Free Consultation
  • News
  • Cybersecurity|General News

Share Article:

SBA And CDC Phishing Emails Can Carry Malware

According to Microsoft, its machine learning threat detection models have helped its research teams uncover multiple mal-spam campaigns. These campaigns have been tied together by the common theme of incorporating poisoned disk image files used as attachments. Each campaign has been aimed at a different target population, but all use some variant of COVID-19 in their subject lines, and all feature either ISO or IMG file attachments.

In all cases, the image files contain a version of the Remcos Remote Access Trojan (RAT) which allows the attackers to gain complete control over any machine their malware infects.

Microsoft identified three separate campaigns including:

  • One that specifically targeted US accountants and accounting firms with emails claiming to contain “COVID-19-Related Updates” for members of the American Institute of CPA’s.
  • Another targeting manufacturing concerns based in South Korea, with email subject lines and interior graphics painting them as being from the CDC’s Health Alert Network (HAN).
  • Yet another that specifically targeted small business in the US. These emails were crafted to appear to be from the Small Business Administration (SBA) and promised detailed information on how to get pandemic-related disaster loans.

Tanmay Ganacharya is the Director of Security Research in Microsoft’s Threat Protection division.

Tanmay had this to say about the recent discovery:

The main thing that we really wanted to call out, and why it caught our attention, is because of the COVID-19 lures and also because of the slightly different techniques we found and the type of attachments they are sending. They’re using ISO files, which is not super common. It’s not like this is the first time we have ever seen it, but it is also not like extremely common for attackers to do this.”

It goes without saying that if you, or one of your employees, gets an email like any of those described above, don’t run the attached files, and stay on your guard. We’re almost certain to see many more attacks like these before the crisis is behind us.

Used with permission from Article Aggregator

  • News
  • AI

How to Run a “Shadow AI” Audit Without Slowing Down Your Team

It usually starts small. Someone uses an AI tool to refine a difficult email. Someone enables an AI add-on inside...

Read Blog
  • News
  • Cybersecurity

Zero-Trust for Small Business: No Longer Just for Tech Giants

Think about your office building. You probably have a locked front door, security staff, and maybe even biometric checks. But...

Read Blog
  • News
  • Cloud

The Daily Cloud Checkup: A Simple 15-Minute Routine to Prevent Misconfiguration and Data Leaks

Moving to the cloud offers incredible flexibility and speed, but it also introduces new responsibilities for your team. Cloud security...

Read Blog