Friday, February 27, 2015

Malware, Spam and Hacking Updates for the week of February 27, 2015

Social Hacking in the office - How prepared are you for even the most basic hack?
3M Corporation recently conducted a “Visual Hacking Experiment”.  A white hat hacker was sent into the offices of eight companies posing as a temporary or part-time worker to try to hack sensitive or confidential information using only visual means. The information captured included employee contact lists, customer information, corporate financials, employee access and login information, and credentials or information about employees.

In 88 percent of attempts, the hacker was able to visually hack sensitive information from a worker’s computer screen or hard copy documents. These hacks generally were successful within 30 minutes of arrival. Worse yet, 70 percent of the time, the “visual hacker” wasn’t stopped by employees – even when he used a cell phone to take a picture of data being displayed on a worker’s screen. Virtually untraceable, visual hacking is a stealth threat vector to guard against as employees are more mobile and data is being accessed not only in the office but also in public places like airport lounges, public parks and coffee houses.


With identity and access information or login credentials (really, the “keys to the kingdom”) in the hands of the bad guys, our corporate data is at serious risk for a much larger data breach.  We often expect data theft to require sophisticated means, but sometimes it is very easy, and sometimes we don’t recognize the threat when it is right there in front of us.

How do you train your staff to watch for Social Hacking at the office?

3 New E-mail Malware Threats This Week
Cisco Security has detected significant activity related to spam email messages distributing malicious software.  Infected email messages may look like these:

Subject:            Dennys Invoice INV650988
Message Body:       To view the attached document, you will need the Microsoft Word installed on your system.
Infected File(s):   INV650988.doc                              size = 32,768 bytes

Subject:            New incoming fax
Message Body:       You have received a new fax.  John Clark
Infected File(s):   fax-23125.zip or fax-23125.exe             size = 27,136 bytes

Subject:            Akeem Watson agent FEDEX
Message Body:       Dear Customer,   We attempted to deliver your item . . .
Infected File(s):   Package.zip / 43208290483432.scr           size = 73,728
                    Pack.zip / 43208290483432.scr              size = 77,822
                    Package.zip / 443645787823424455.scr       size = 73,728

These reports came from the Cisco Security Team and these exploits are reported to be widespread this week.

Fake e-mails referencing Payroll Information
This spam email message claims to contain payroll information for the recipient. The email message attempts to convince the recipient to open the attachment to view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

Subject:                Payroll Received by Intuit
Message Body:      Dear ----------,  We received your payroll on October 9, 2013 at 4:55 PM .   Attached is a copy of your Remittance. Please click on the attachment in order to view it.

Please be aware that this is NOT a complete list and only highlights some of the most prevalent malware spams active this week.
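
The fax, FEDEX and payroll samples above all deliver an .exe or .scr file, either attached directly or wrapped in a .zip. The following is an added example, not code from Cisco or from this newsletter, showing how a mail filter could flag that pattern; the function names, the extension list and the sample message are constructed for illustration. Word attachments such as the invoice sample need macro inspection and are outside this check.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly; .exe and .scr are the ones named above (list is an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def is_executable(name):
    name = name.lower().rstrip(". ")  # "file.exe." still runs as .exe on Windows
    return any(name.endswith(ext) for ext in EXECUTABLE_EXTS)

def risky_attachments(raw_message):
    """Return (attachment name, reason) pairs for attachments that should be quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable(name):
            findings.append((name, "executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):  # judge by content, not by the .zip name
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if is_executable(info.filename):
                            findings.append((name, "executable inside archive: " + info.filename))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable archive"))
    return findings

def build_sample():
    """Constructed sample: harmless bytes zipped under a .scr name, plus a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample-0000.scr", b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "New incoming fax"
    msg.set_content("You have received a new fax.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="sample.zip")
    msg.add_attachment(b"plain notes", maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, reason in risky_attachments(build_sample()):
        print(attachment, "->", reason)
```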
 
Fake Pop-up loads exploits
The code within the pop-up redirects straight to a Fiesta exploit kit landing page. The landing page usually performs various checks and prepares the exploits that are going to get fired at the victim.  Break out your anti-malware toolkit if any user on your network encounters a pop-up like this.  This one is going to take a while to remove!

Word Document Exploit info from our friends at AlienVault –


We are seeing some especially tricky attacks these days related to the Sofacy (aka Sednit/APT28/Fancy Bear) threat group. One of their common tactics is to hide malicious payloads in Word documents and even in Word macros, exploiting known vulnerabilities. Some other delivery mechanisms we have seen related to this group have been traditional spearphishing, website compromises, even redirects to a fake site designed to impersonate the user’s Outlook web mail portal.  Infected computers can spread the virus to critical systems and/or those that house sensitive data. Backdoor and/or Command & Control mechanisms can put you at even greater risk to future and further compromise and possibly cause destruction/exfiltration of data.

See more at:
https://www.alienvault.com/blogs/security-essentials/sofacy-group#sthash.XR1ICKZz.dpuf


INTERESTING INDUSTRY HEADLINES THIS WEEK:
Target Breach Has Cost the Company $162 Million So Far
HyTrust president Eric Chiu suggests the total cost could eventually exceed $1 billion.
To read more, click here:  ESECURITYPLANET

----------------------------------------------------------------------------------------------

Got a question about malware you’d like answered?
Just REPLY to this email with your question and the word QUESTION in the subject line
and we’ll try to answer it quickly for you.

We hope that you find this information useful.  If you don’t want to receive these alerts any more, just Reply to this e-mail with the word UNSUBSCRIBE in the subject.

Thanks,  Jeff Hoffman and your friends at ACT Network Solutions
Security, Data Protection and Network Management are our specialties

Do you have IT security concerns?  Call ACT @ (847) 639-7000






Delivering Innovative IT Solutions for over 26 Years
700 Industrial Drive,  Suite H       Cary, IL      60013
(847) 639-7000                          jhoffman@act4networks.com
