I was away on leave last week so you would think I was not thinking about phishing emails and cyber security but I was. Whilst away I read an article on Bleeping Computers that was a very old school cyber attack (Toulas, 2022). It was sending a phishing email to many, many potential victims, with a malware infected zip file attachment, in the hope that a number of the recipients either lack the training or are so busy that they taken in by the email message and open the zip file and release the malware. Once deployed the malware employs stealth techniques to evade detection by some of the major anti-virus systems.
Phishing Email – why do the threat actors do this?
I could just say for money or just for the kicks, both of which are equally valid reasons in Hacker eyes. However in this particular case it is reconnaissance. They are collecting a range of useful data (to the hacker) from the infected machines and then exfiltrating this information into an online database. Bill Toulas listed the information the threat actors are stealing:
- IP address
- UUID
- Username and machine name
- Windows OS version
- Installed security products
- Presence of .NET Framework v2.0 and/or v4.0
- Hardware information
- Timestamp
Useful information to use in conducting follow-on cyber-attacks all gained from a successful phishing email.
How did the researchers know exactly what the hackers were gathering? The online database is not secured, so anyone who can extract the database URL from the malware can inspect and use the information. This is not usual – normally the hackers will protect the stolen data with passwords etc. – maybe this was a mistake or maybe it was deliberate. Who knows?
One more sting in the tail
This phishing email attack is not only gathering sensitive information from corporate networks, examination of the unsecured information shows it includes home users.
Parting thoughts
With everyone being aware of risk of opening unsolicited email attachments, you would have thought that this type of attack would not be effective today. But a busy day in the office, letting your children or parents use your laptop, or curiosity, or any other simple reasons that we all feel would not apply to us, the attachment is opened and the hackers win.
This is where cybersecurity training helps keep cyber security in the minds of all your people, even on those days when they are rushed.
Clive Catton MSc (Cyber Security) – by-line and other articles
p.s.
Watch out for this week’s Because It’s Friday post on Smart Thinking where I link cyber security neatly into my holiday.
Further Reading
References
Toulas, B. (2022). Phishing drops icexloader malware on thousands of home, corporate devices. BleepingComputer. Retrieved November 16, 2022, from https://www.bleepingcomputer.com/news/security/phishing-drops-icexloader-malware-on-thousands-of-home-corporate-devices/