Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the cybercriminals.

 

The series of attacks started back in autumn 2017 and targeted several hundreds of company PCs in industries ranging from oil and gas, to metallurgy, energy, construction, and logistics.

 

In the detected wave, the criminals not only attacked industrial companies together with other organizations, they were predominantly focused on them. They sent out emails containing malicious attachments and try to lure unsuspecting victims into giving away confidential data, which they could then use to make money.

 

According to Kaspersky Lab data, this wave of emails targeted around 800 employee PCs, with the goal of stealing money and confidential data from the organizations, which can then be used in new attacks.

 

The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee – the recipient of the letter.

 

It is noteworthy that the attackers even addressed the targeted victims by name. This suggests that the attacks were carefully prepared and that criminals took the time to develop an individual letter for each user.

 

When the recipient clicked on the malicious attachments, modified legitimate software was discreetly installed on the computer so that criminals could connect to it, examine documents and software related to the procurement, financial and accounting operations.

 

Furthermore, the attackers were looking for different ways to commit financial fraud, such as changing requisites in payment bills in order to withdraw money for their benefit.

 

Moreover, whenever criminals needed additional data or capabilities, such as obtaining local administrator rights or stealing user authentication data and Windows accounts to spread within the enterprise network, the attackers uploaded additional sets of malware, prepared individually for an attack on each victim.

 

This included spyware, additional remote administration tools that extend the control of attackers on infected systems and malware to exploit vulnerabilities in the operating system, as well as the Mimikatz tool that allows users to obtain data from Windows accounts.

 

“The attackers demonstrated a clear interest in targeting industrial companies. Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets such as financial services. That makes industrial companies a lucrative target for cybercriminals,” said Vyacheslav Kopeytsev, security expert at Kaspersky Lab.

 

Kaspersky Lab researchers advise users to follow these key measures in order to be protected against spear-phishing attacks:

  • use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Security for Business suite. Kaspersky Security for Microsoft Office 365 helps to protect the cloud-based mail service Exchange Online inside the Microsoft Office 365 suite.
  • introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks. Kaspersky Lab customers would benefit from using the Kaspersky Security Awareness Training services.

 

To learn more about the financial phishing threat, please read the blog post available at ICS-CERT.kaspersky.com.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Most Common Phishing Scams and What You Can Do to Avoid Them
Techworld Date Posted: 27 May 2019 3:58 PM | 302 Views
It has become easy enough to identify and dismiss e-mails from people pretending to be relatives who get in trouble abroad, or from do-gooders asking for help for victims of calamities. These “appeals” have.... See More
 
Most Common Phishing Scams and What You Can Do to Avoid Them
Techworld Date Posted: 3:58 PM | 302 Views
It has become easy enough to identify and dismiss e-mails from people pretending to be relatives who get in trouble abroad, or from do-gooders asking for help for victims of calamities. These “appeals” have...See More

 
Power Mac Center Launches Lowered Service Rates, Enhanced Mail-In Repair Service
Techworld Date Posted: 7 November 2018 4:06 PM | 474 Views
In its commitment to provide genuine and hassle-free premium services to its customers, Power Mac Center’s Apple Authorized Service Provider is introducing lowered service repair rates and enhanced service offerings. . See More
 
Power Mac Center Launches Lowered Service Rates, Enhanced Mail-In Repair Service
Techworld Date Posted: 4:06 PM | 474 Views
In its commitment to provide genuine and hassle-free premium services to its customers, Power Mac Center’s Apple Authorized Service Provider is introducing lowered service repair rates and enhanced service offerings. See More

 
Sowbug: Cyber Espionage Group Targets South American and Southeast Asian Governments
Techworld Date Posted: 10 November 2017 11:03 AM | 701 Views
Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast . See More
 
Sowbug: Cyber Espionage Group Targets South American and Southeast Asian Governments
Techworld Date Posted: 11:03 AM | 701 Views
Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast See More

 
Roaming Mantis Extends DNS Hijacking Attacks from Asia to Rest of World, Adds Crypto-Mining
Techworld Date Posted: 18 May 2018 2:23 PM | 245 Views
On 16 April, Kaspersky Lab researchers reported on a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting mainly smartphones in Asia. Four weeks on, the threat continues to.... See More
 
Roaming Mantis Extends DNS Hijacking Attacks from Asia to Rest of World, Adds Crypto-Mining
Techworld Date Posted: 2:23 PM | 245 Views
On 16 April, Kaspersky Lab researchers reported on a new Android malware distributed through a domain name system (DNS) hijacking technique and targeting mainly smartphones in Asia. Four weeks on, the threat continues to...See More

 
Industrial Cybersecurity Threat Landscape in H1 2017: Every Third ICS Computer Under Attack Was in Manufacturing Companies
Techworld Date Posted: 14 October 2017 1:53 PM | 584 Views
In the first half of the year manufacturing companies were most susceptible: ICS computers of them accounted for about one-third of all attacks, according to the Kaspersky Lab report “Threat Landscape for Industrial Automation.... See More
 
Industrial Cybersecurity Threat Landscape in H1 2017: Every Third ICS Computer Under Attack Was in Manufacturing Companies
Techworld Date Posted: 1:53 PM | 584 Views
In the first half of the year manufacturing companies were most susceptible: ICS computers of them accounted for about one-third of all attacks, according to the Kaspersky Lab report “Threat Landscape for Industrial Automation...See More

 
Transcend Provides a Full Range of Solutions for Upgrading Mac Computers
Techworld Date Posted: 29 November 2017 4:36 PM | 513 Views
Transcend Information, a worldwide leader in storage and multimedia products, is proud to a full range of Apple solutions for upgrading Mac computers.. See More
 
Transcend Provides a Full Range of Solutions for Upgrading Mac Computers
Techworld Date Posted: 4:36 PM | 513 Views
Transcend Information, a worldwide leader in storage and multimedia products, is proud to a full range of Apple solutions for upgrading Mac computers.See More

 
TRIAL and ERROR: Kaspersky Lab Unearths iOS Cryptomining Attacks, Careless Mistakes by Roaming Mantis
Techworld Date Posted: 24 September 2018 4:57 PM | 137 Views
Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend.... See More
 
TRIAL and ERROR: Kaspersky Lab Unearths iOS Cryptomining Attacks, Careless Mistakes by Roaming Mantis
Techworld Date Posted: 4:57 PM | 137 Views
Just five months after Kaspersky Lab’s first report on the DNS hijacking operation to infect Android smartphones in Asia, the attack dubbed ‘Roaming Mantis’ remains highly active, exploring new tricks and techniques to extend...See More

 
Millennials Need More than Just a Smartphone
Techworld Date Posted: 24 August 2017 11:58 AM | 238 Views
Millennials know what they want when it comes to smartphones. These highly-digital individuals no longer choose their device solely on looks. Nowadays, what drives their choice is whether the smartphone allows them to capture.... See More
 
Millennials Need More than Just a Smartphone
Techworld Date Posted: 11:58 AM | 238 Views
Millennials know what they want when it comes to smartphones. These highly-digital individuals no longer choose their device solely on looks. Nowadays, what drives their choice is whether the smartphone allows them to capture...See More

 
NVIDIA GPUs Support the Development of Intelligent, Self-Learning Systems at the University of Adelaide
Techworld Date Posted: 27 September 2017 5:14 PM | 73 Views
Recognising shapes and pictures is complex enough for computers on 2D (flat) surfaces. When it comes to 3D object recognition, things become much more difficult as the shape of an object changes dramatically at.... See More
 
NVIDIA GPUs Support the Development of Intelligent, Self-Learning Systems at the University of Adelaide
Techworld Date Posted: 5:14 PM | 73 Views
Recognising shapes and pictures is complex enough for computers on 2D (flat) surfaces. When it comes to 3D object recognition, things become much more difficult as the shape of an object changes dramatically at...See More

 
Akamai Announces New Services, Research and Partnerships to Help Customers ‘Connect to Tomorrow’
Techworld Date Posted: 24 October 2017 2:20 PM | 594 Views
Akamai Technologies announced its vision for an integrated approach to delivering world class digital experiences at the ‘EDGE’ Conference – its annual customer event. With customers looking for the fastest online services backed by.... See More
 
Akamai Announces New Services, Research and Partnerships to Help Customers ‘Connect to Tomorrow’
Techworld Date Posted: 2:20 PM | 594 Views
Akamai Technologies announced its vision for an integrated approach to delivering world class digital experiences at the ‘EDGE’ Conference – its annual customer event. With customers looking for the fastest online services backed by...See More


Power by

Download Free AZ | Free Wordpress Themes