Go Back   SZONE.US Forums > Do it yourself (DIY) > Web Tips > Web Findings

Web Findings Here you will find information about the internet.

Accounts Payable in the Czech Republic Targeted by Dridex

Views:1228
Reply
Thread Tools Search this Thread Rate Thread
  #1  
Unread 08.05.15, 09:38 AM
Zachariah Boren's Avatar
Zachariah Boren Zachariah Boren is offline
Administrator
 
Join Date: 02.07
Location: Canoga Park, CA
Posts: 928
Blog Entries: 6
Images: 10075
Send a message via ICQ to Zachariah Boren Send a message via MSN to Zachariah Boren Send a message via twitter to Zachariah Boren
Accounts Payable in the Czech Republic Targeted by Dridex

08.05.15 09:00 AM

Websense® Security Labs™ has observed an increase in Dridex being used to target individuals in the Czech Republic. Using malicious email lure themes related to invoicing, the campaign follows a typical pattern of targeting recipients using keywords like "accounts payable" to make the messages seem more authentic. The Dridex campaign also uses a combination of subject lines and email bodies that urge prompt action.



Websense Security Labs saw tens of thousands of lures targeting users in the Czech Republic within a very small time window on August 4, 2015. The emails were sent from a variety of sender domains with fictitious user names. The malicious emails contain Microsoft Word MHTML attachments with malicious macros that can be used to execute code.









Recipients should be extra cautious of email messages that include any source information they are not already familiar with, including:


• Email sender
• Company sender domains
• Email bodies with little to no contextual information


Since Dridex is known to not only leverage but also harvest additional SMTP accounts as part of its malicious activities, email recipients should also be careful with suspicious messages sent from familiar names or aliases. Recipients should use caution by following up in a separate email thread or via a phone call (or some other out-of-band process) for validation of a submitted invoice. Furthermore, all security best practices and defense-in-depth strategies should be followed as part of a risk mitigation strategy. Websense customers are currently protected via TRITON AP-Email. This case highlights once again that geography has a role to play in the malware-as-a-service ecosystem.


Contributors: Jose Barajas and Ran Mosessco






http://community.websense.com/blogs/...by-dridex.aspx
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Rate This Thread
Rate This Thread:



All times are GMT -8. The time now is 09:47 PM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright 2007 - 20017 SZONE.US All rights reserved