PARCA eNews – Oct. 1, 2019 – Two new scams targeting Office 365 users have been making the rounds since last July. One dubbed Trickbot Trojan uses an authentic-looking domain that has all the typical elements of a genuine Microsoft website, including links to Microsoft resources.
First identified by the MalwareHunter Team, the Trickbot campaign detects the visitor’s browser and displays a popup warning that looks like it comes from Chrome or Firefox stating that their browser is an older version and needs to be updated.
Clicking on the Update Button triggers an executable file called upd365_58v01.exe, which downloads the Trickbot Trojan, which is inserted into the schist.exe process. The malware is designed to intercept banking credentials including logins, passwords, browsing history and autofill information.
The other Office 365 scam is a phishing campaign also using fake browser warnings intended to trick administrators into providing login credentials. Emails with Microsoft and Office 365 logos direct the user to a webpage on the windows.net domain which has a valid certificate from Microsoft. The login box is identical to the one used on a Microsoft site. Consequently, even vigilant administrators have been tricked since the site looks to be legitimate.
Unfortunately, the best defense to such attacks is ensuring users are continually trained for ongoing security awareness and to keep them informed of new threats as they are identified.
The HIPAA Journal suggests these further steps to avoid Office 365 scams:
Clicking on the Update Button triggers an executable file called upd365_58v01.exe, which downloads the Trickbot Trojan, which is inserted into the schist.exe process. The malware is designed to intercept banking credentials including logins, passwords, browsing history and autofill information.
The other Office 365 scam is a phishing campaign also using fake browser warnings intended to trick administrators into providing login credentials. Emails with Microsoft and Office 365 logos direct the user to a webpage on the windows.net domain which has a valid certificate from Microsoft. The login box is identical to the one used on a Microsoft site. Consequently, even vigilant administrators have been tricked since the site looks to be legitimate.
Unfortunately, the best defense to such attacks is ensuring users are continually trained for ongoing security awareness and to keep them informed of new threats as they are identified.
The HIPAA Journal suggests these further steps to avoid Office 365 scams:
- Implement multi-factor authentication
- Check with DHS’s Cybersecurity and Infrastructure Security agency for current best practices
- Ensure logging is configured and review email logs regularly
- Ensure emails are encrypted
- Backup and use email archiving
No comments:
Post a Comment