Newly Discovered Phishing Campaigns Evade Anti-Malware Systems
On January 26th, cybersecurity researchers from Securonix and Avanan discovered two new phishing tactics that have successfully evaded anti-malware systems. The new tactics were dubbed “PY#RATION” and “Blank Image Attacks”, and have already infiltrated companies across the globe.
This tactic includes sending a phishing email in which cybercriminals have attached a password-protected ZIP archive that contains images of a falsified driver’s license. The images contain code for malware that is executed once the files are opened. Though this may seem like a typical phishing attack, the concern comes from the malware’s ability to disguise itself as a Cortana virtual assistant to avoid detection. The malware in this tactic is a form of a Remote Access Trojan (RAT) attack and can execute commands such as keylogging and exfiltrating sensitive data.
Blank Image Attacks
This tactic is aptly named, as hackers send blank images in the form of HTML attachments via email. The emailed attachment reads as if it was sent from the popular eSignature platform, DocuSign, leading users to believe the email is legitimate. The email links to an actual DocuSign landing page, however, when users click the “download” image for the document they believe they are signing, they are redirected to a blank image containing malware. So far, blank image attacks have also been able to remain largely undetected by anti-malware systems.
How to Avoid These New Phishing Attempts
Cybercriminals continue to be innovative in their approach to successfully breach customers and organizations. Not all phishing attempts are easily spotted, so remain vigilant to avoid being baited into precarious situations.
- Have IT or InfoSec teams review any suspicious attachments - especially those including “.htm”
- Block all HTML attachments from being automatically opened and/or downloaded
- Watch for future updates to your antivirus software that can identify these threats, and be ready to install them when they become available
- Alert employees of these new risks to keep them aware and protected
- Schedule a penetration test to assess your organization’s current vulnerabilities
How we help
Our cybersecurity and risk services can help organizations strengthen their line of defense against phishing attacks and other destructive cybercrime tactics.
- Aponix Protect™ builds a comprehensive cybersecurity and technology risk management program tailored to your business needs
- Business impact analysis and business continuity plans complete with robust policies, plans, and procedures, better protect your organization from data breaches and efficiently recover from a cyber incident or significant business disruption
- Risk assessments identify and remediate gaps in a firm’s current cybersecurity and regulatory state, as well as figure out how a firm stands up against existing frameworks (SOC, PCI, NIST)
- Staff training and threat monitoring educate your team on industry best practices, cyber trends, and emerging threats
- Vulnerability and penetration testing reduce the risk of financial, operational, and reputational losses that can result from a breach
For questions about this alert, or to find out more about our services, please reach out to your ACA consultant or contact us.