Finance Departments Targeted by Phishing Emails with .com Payloads
According to a recent analysis by Cofense Intelligence™, there has been a substantial increase in the number of phishing emails that target financial service departments using payloads with the .com extension.
Cofense Intelligence, an anti-phishing company, analyzed 132 unique samples with the .com extension in the month of October alone, whereas it had analyzed only 34 samples in the nine months before that. Four different malware families were used.
The .com file extension is used for text files that contain executable byte code. Both the Disk Operating System (DOS) and Microsoft NT kernel-based operating systems allow .com files to be executed for backward-compatibility reasons. Within the DOS stub, the .com-style byte code is similar across all PE32 binaries (.dll, .exe, .scr, etc.).
Most of the malware delivered belonged to the Hawkeye, AZORult and Loki Bot families. The analysis by Cofense Intelligence shows that the email subject lines are specific to the malware payloads they deliver. For example, emails with the subject 'payment' mostly deliver the AZORult information stealer, whereas emails with the subject 'purchase order' mostly deliver the Hawkeye keylogger and the Loki Bot information stealer.
Generally, the .com payloads are attached directly to the phishing email without an intermediary delivery mechanism, although a few campaigns include an attachment containing an intermediary dropper.
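An added example (not from Cofense or the original article) of a mail-gateway style check for the delivery pattern described above: it lists attachments whose name ends in .com and reads the DOS header to tell whether the content is really a PE image. The function names and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

def classify_payload(data: bytes) -> str:
    """'pe' = MZ header whose e_lfanew points at a PE signature,
    'mz' = MZ header only, 'raw' = anything else (e.g. a flat DOS .com image)."""
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
        return "mz"
    return "raw"

def flag_com_attachments(raw_message: bytes):
    """Return (filename, payload_class) for every attachment named *.com."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Win32 path handling drops trailing dots and spaces, so normalise first
        if name.lower().rstrip(". ").endswith(".com"):
            data = part.get_payload(decode=True) or b""
            findings.append((name, classify_payload(data)))
    return findings

def build_sample() -> bytes:
    """Constructed test message; the 'PE' attachment is an inert header stub."""
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> byte 0x40
    msg = EmailMessage()
    msg["Subject"] = "purchase order"
    msg["From"] = "sender@example.com"
    msg["To"] = "finance@example.com"
    msg.set_content("See attached.")
    for name, data in [("Purchase Order.com", bytes(stub) + b"PE\0\0"),
                       ("invoice.pdf", b"%PDF-1.4 constructed"),
                       ("notes.com", b"constructed non-MZ bytes")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, kind in flag_com_attachments(build_sample()):
        print(f"{name}: {kind}")
```

A gateway rule built on this would typically quarantine any .com attachment regardless of class, and use the class only to prioritise analysis.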
Aaron Riley, an Intelligence Analyst, writing on the Cofense blog, says, "Cofense Intelligence estimates that we'll see an increased adoption of malware using the .com extension. Similar campaigns will likely expand to other industries that have monetizable data, like the healthcare and telecommunication sectors". Riley further said that an increased use of .com extensions could be harmful to enterprise networks if organizations are unprepared for it, and that if they become prepared, there will be a surge in popularity of another file extension in a continuous effort to remain ahead of defenses.
» SPAMfighter News - 11/27/2018