A phishing campaign targeting UK employees in the retail and insurance industries is sending out emails claiming to come from the Ministry of Justice. ZDNet reported that the emails have the subject line “Court,” while the body of the message implies that the user has been summoned with a subpoena to testify. To get details, the user is prompted to click a link that takes the user to a Word document hosted on Microsoft One drive. The user is then prompted to “enable macros,” which allows the code programmed into the document to download onto the user’s system. It downloads a malware called Predator the Thief, which is used to steal login credentials, browser data, and cryptocurrency stored in digital wallets, as well as to take photos with the computer’s webcam. When Predator the Thief finishes plundering the system and sending all its information back to its command-and-control center, the malware self-destructs, erasing all traces of itself.
UK users might see through the phony message because, despite using the official Ministry of Justice logos, the campaign leans heavily on the word “subpoena” which has not been a term in the UK court system since 1999, when the official phrasing was changed to “witness summons.” In regards to macros, Avast Security Evangelist Luis Corrons recommends that users in general avoid enabling them. “They can be useful tools,” Corrons said, “but macros are severely abused by cybercriminals on a regular basis. Average home users never have to use macros, and business users should know never to activate any macros that originate from outside their company.”
Spain suffers two massive ransomware attacks in one day
Two large enterprises in Spain were hit with a ransomware attack on the same day this week. It is unclear if the two were related. Bleeping Computer reported that on Nov. 4, one of Spain’s largest managed service providers, Everis, was hit with ransomware. The files were encrypted in a way that indicates the attack was targeted at the company, with a ransom demand for €750,000. Later that day, Spain’s largest radio station, Cadena SER, was also struck by a ransomware attack. In response, the radio station’s IT service immediately disconnected all servers from the internet. Broadcasts on a local level were affected, but the station’s Madrid headquarters was able to continue broadcasting nationally. Investigators are looking into both cyberattacks and checking for any connections between the two. “Targeted ransomware attacks can be really profitable for cybercriminals,” Corrons commented, “which is why we are seeing them more and more. Usually these attacks take a little time to spread and execute since the attackers must first compromise a single computer in the victim’s network. That’s why it is critical for IT teams to be on alert at all times for any suspicious activity within their networks.”
This week’s quote
“Passwords are like underwear. The longer the better, change them often, don’t leave them lying around.” – Jaya Baloo, Avast’s new chief information security officer. Read more from our Q&A.
Data breaches cost healthcare industry $4 billion
Data breaches will cost the healthcare industry about $4 billion in recovery costs this year, according to recent Black Book Research surveys, as reported by Yahoo Finance this week. The amount comes from a projected 9.5 million records breached by year’s end with a calculated cost of $423 per record. Data breaches have affected 10% of all healthcare consumers so far, while healthcare providers continue to be the most targeted organizations for industry data breaches. This is most likely due not only to the wealth of personal information found in medical records, but to the limited IT funding hospitals receive, making it difficult to invest in areas that don’t generate revenue. Some 96% of the surveyed IT professionals agreed that cyberattackers have outpaced medical enterprises, holding them at a technological disadvantage.
This week’s stat
2.5 billion smartphones are used on a daily basis around the globe, which is why they’re such a popular target for criminals. Learn the 9 tips you need to follow to keep your own smartphone safe.
Phishing scams abuse Google Analytics
Many malicious websites associated with phishing scams use Google Analytics software, according to a new cybersecurity study reported on by ZDNet. More than half of all websites use analytics software to measure web traffic, visitor habits, and overall engagement. Google Analytics is the industry leader for this type of data, being used by over 30 million websites as well as, according to the study, many active phishing URLs. Phishing scams typically direct victims to malicious websites hoping to trick them into either entering sensitive information or downloading malware. The researchers behind the study stated that while they feel some scammers intentionally use the analytics to optimize their scams, modifying per the collected data, others may inadvertently have the analytics software onboarded because it was part of the source code they ripped from the authentic website they’re trying to mimic.
Transparent computer-desk in Avast’s new IoT Lab. Explore it in this week’s must-read.
This week’s ‘must-read’ on The Avast Blog
Dozens of devices, more than 6 kilometers of cables, and a Faraday Cage give Avast researchers a new place to crack open the Internet of Things in the company’s new IoT Lab. Explore it here.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.