Phishing Attacks Capitalizing on Current Chaos

Phishing attacks thrive in chaos, and there is certainly no shortage of turmoil right now. I wanted to share with you some of the leading threats SilverSky’s Threat Intelligence Team has identified, as well as a threat reported in a recent news article.

Since phishing campaigns generally rely on emotions like confusion, urgency, and fear, it isn’t surprising that attackers continue to take advantage of the COVID-19 pandemic and the anxiety surrounding the upcoming US presidential election. 

The following is a summary of what we are seeing out there right now. For more detailed information and malicious email observations over time, I invite you to access our Malicious Email Report Library.

Emotet Spear-Phishing Campaign Leverages Presidential Election Anxiety

Emotet, by far today’s largest malware botnet, has triggered multiple security alerts this month in countries such as France, Japan, New Zealand, and the US. The emails contain links and attachments with fake documents such as invoices, shipping information, CVs, financial documents, scanned documents, or information on COVID-19.

Additionally, SilverSky’s Threat Intelligence Team observed Emotet’s presence as attackers take advantage of the anxiety surrounding the US elections. We spotted a new spam campaign pretending to be from the Democratic National Convention’s (DNC) Team Blue initiative. Emotet’s primary goal is to convince recipients to open the attached malicious document. Once the attachments are opened, and macros enabled, the malware will be installed and executed on the user’s machine. 

Directly after the first Presidential debate, the threat actors behind Emotet, mainly known as TA542, executed a new spam campaign pretending to be from the DNC asking for volunteers to help Democrats get elected. SilverSky’s Threat Intelligence Team also very recently discovered a few Emotet emails containing the keywords “County” and “Administration” in the subject line, linking the messages to the county offices that handle voting processes like registration, voting, and counting ballots.

Voter Registration ‘Error’ Phishing Attack

Similar to election-related phishing campaigns seen by SilverSky, other stories related to voter registration have been reported. Further leveraging election anxiety, these phishing emails tell recipients that their voter registration applications are incomplete, ultimately aiming to steal social security numbers, date of birth, driver’s license data, and more.

The emails look as if they were sent by the US Election Assistance Commission, an independent government agency that serves as an election administration information resource. The email contains a URL leading to a spoofed web page aiming to capture the above-mentioned personal data. The emails’ subject line and body include wording like “voter registration”. 

This campaign uses a classic but effective social engineering tactic. An urgent problem is shared with the recipient, and they must share personal information to correct the issue.1

https://silversky.com/malicious-email-activity-report-library/

Return of Amazon Phishing Scam

Of course, online shopping has increased a great deal during the pandemic. Therefore, it is not surprising that our Threat Intelligence Team has tracked an increase in phishing campaigns targeting Amazon customers. One of the malicious emails contains the subject line “You are receiving this email because you are an Amazon customer.”  The sender’s address impersonates Amazon with the address of <account-update@amazon[.]co[.]jp> to look genuine. The link within the email redirects to a fake Amazon login page hosted on a [.]xyz TLD domain. 

Always look for spelling or grammatical errors. It is also essential to note that Amazon does not use email to request customers’ confidential information like a PIN, credit card number, security code, or bank account information.

FedEx-Themed Dridex Malspam

FedEx is the latest lure used by cybercriminals to spread Dridex in a worldwide campaign. Our Threat Intelligence Team has discovered new malspam attacks that use a fake invoice with a zipped archive file or Excel file attached. Once the attachment is opened, the file communicates with command and control (C2) servers and immediately downloads a DLL.

The user’s machine is then infected with the malware (Dridex), which specializes in stealing bank credentials. The emails have subject lines beginning “Fedex Tracking Number,” followed by a random reference number, pretend to be sent from FedEx <no-reply[@]fedex[.]com>, and claim that the parcel has just arrived. SilverSky’s Threat Intelligence team uncovered another email in this campaign with an “Invoice Ready for Payment” subject line.
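As an added example (not SilverSky tooling and not code from the original post), the Python below triages a message for two patterns described in the Amazon and FedEx sections above: a link whose host lies outside the claimed sender domain, and a delivery or invoice subject paired with an archive or Excel attachment. The function name `triage`, the sample messages, and the `amazon-signin.example` host are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages modelled on the lures described above (not real captures).
AMAZON_SAMPLE = (
    "From: Amazon <account-update@amazon.co.jp>\n"
    "Subject: You are receiving this email because you are an Amazon customer.\n"
    "Content-Type: text/plain\n\n"
    "Confirm your account: http://amazon-signin.example/login\n"
)
FEDEX_SAMPLE = (
    "From: FedEx <no-reply@fedex.com>\n"
    "Subject: Fedex Tracking Number 7741203\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nYour parcel has just arrived.\n"
    "--b1\nContent-Type: application/zip\n"
    'Content-Disposition: attachment; filename="invoice.zip"\n\n'
    "(constructed placeholder, no real archive content)\n--b1--\n"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SUBJECT_RE = re.compile(r"fedex tracking number\b|invoice ready for payment", re.I)
RISKY_EXT = (".zip", ".xls", ".xlsx", ".xlsm")

def triage(raw):
    """Return the reasons a raw RFC 822 message resembles the lures in this post."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    reasons = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Dridex lure: delivery/invoice subject carrying a zip or Excel attachment.
        if name.endswith(RISKY_EXT) and SUBJECT_RE.match(subject):
            reasons.append(f"delivery/invoice subject with attachment {name}")
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in URL_RE.findall(body):
            host = (urlparse(url).hostname or "").lower()
            # Coarse signal: the From header claims one domain, the link goes elsewhere.
            if sender_domain and host != sender_domain and not host.endswith("." + sender_domain):
                reasons.append(f"link host {host} is outside sender domain {sender_domain}")
    return reasons
```

The link check also fires on legitimate mail that points to third-party hosts, so treat its output as a triage signal to combine with SPF/DKIM/DMARC results rather than as a verdict.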

To learn more about the cyberattacks observed every month, we encourage you to access our Malicious Email Attack Report Library. As always, if SilverSky can help you better protect your digital estate from phishing attacks and cybersecurity threats at large, don’t hesitate to contact us.

 

Sources:

  1. “Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy,” Lindsey O’Donnell, Threat Post, October 2, 2020

Head of Product Management, Email Protection and Cloud Email, SilverSky