Too expensive tea in Ritz featuring scammers
August 31, 2020
Expanding outside Italy with VMRay
September 15, 2020
Phishing attacks often target non-IT employees because they are believed to be easier to fool. Nevertheless, IT specialists can also become victims of cyber criminals. Lazarus Group has recently attacked a cryptocurrency organization, targeting the company’s system administrator. The attackers crafted a fake job post on LinkedIn to attract his attention and used a malicious attachment as a bait. The malicious file prompted the sysadmin to open it for details of an exciting new job. The document was allegedly protected by the GDPR, so the sysadmin had to enable macros to open it.
How do attackers catch their bigger fish?
Most phishing attacks target generic audience. Phishing emails for such mailing campaigns are neither personalized nor accurate. The attackers rely on the victim to react fast without thinking twice. For example, immediately changing the password being afraid that someone has stolen his or her data. Or opening the attached document without double checking the email sender.
There is another approach, when the victim is pre-selected, and the phishing communication is built carefully. It requires a greater resource investment, but also guarantees a greater reward. This is exactly what happened to the attacked cryptocurrency company in this story.
What can you do to protect yourself?
- The ability to recognize fake emails and manipulation attempts should be exercised by everyone in the company. Even or especially those responsible for IT and IT security. Security awareness platforms allow to test how resistant multiple corporate teams can be in case of a phishing attack. They also continuously develop useful skills and habits among employees throughout the year
- One should always be careful with messages sent from unfamiliar addresses, especially if they contain macros, PDF, or archived attachments
- Regularly – or better constantly – review the security event logs. This will help to track suspicious activity on time and detect an incident before any serious damage to the company’s assets
- Prepare a detailed action plan for the case of cyber security emergency, so you act fast to contain the security incident. The plan should also include the incident analysis process to avoid the situation repeating in the future
Image by wal_172619
