5/9/2017
11:00 AM
Malwarebytes Labs

Malspam Causing Havoc for Mac & Windows

Spam is a multi-platform, multi-vector approach to network compromise, and organizations need to weigh up the risks on all fronts to be able to combat it successfully.

Spam campaigns continue to be a major problem for businesses across the globe, serving up a mixture of malware, phishing, identity theft, and more. With scammers spiking activity in February after what appeared to be a bit of an extended holiday, malware spam (Malspam) attacks have returned in full force. Fax notifications, scanned images, resumes, and traffic tickets have all been successfully used as bait, often using password-protected documents and zip files in an attempt to defeat automated analysis.

Even as businesses shore up the technical side of things, Malspam authors hope to exploit the supposed weak link in the security chain – the non-security trained employee. A disaster of this nature poses a major risk both in public and behind the scenes. The two primary targets we see are finance and social media, and scammers hope to find a lethal combination of low or no security and poor staff training in order to pull off a successful attack.

The Soft HR/Finance Underbelly
If an unwary employee in HR or finance receives a "late payment" or tax invoice missive, there is a good chance they won't stop and think before opening the infected file (usually via the password pasted into the email itself - another evasion tactic). If this happens on a network with no suitable protection in place, that organization is looking at downtime, data theft, and even a dose of ransomware for their troubles.

From banking Trojans and clickfraud to "pump and dump" stock campaigns, the playing field for these attacks is a large one and it's essential that a layered defense goes hand in hand with regular, thoughtful training sessions for those guarding the financial keys to the kingdom.

Financial Lockdown
Give your HR and finance teams an insight into the world of fake tax invoices. Let your CFO know about the ever-present threat from CFO fraud spam, along with ways to spot a fake. If you don't have a "two factor" method for authenticating wire transfers, put one in place now, or risk losing hundreds of thousands of dollars, or even (in the worst examples) millions to a CFO scammer. Just one incident could not only cause endless column inches about how badly your company got it wrong, but conceivably put you out of business.

Even your social media accounts aren't free from spam worries; we often see fake accounts pretending to be real companies that insert themselves into customer support conversations on Twitter in an effort to send victims to phishing or malware pages. Typically, they do this when the official Twitter support account isn't being used, so by the time the staff log in the next day it's too late.

Companies may wish to divide social media duties between different time zones to combat this, and also backtrack on conversations to ensure scammers haven't worked themselves into the debate. If it's possible to verify the identity of your account on a particular service, this will definitely help to prove your credentials. It's essential to explain to the people responsible for these social media accounts what dangers lurk, or else they can't effectively safeguard the interests of your customers on a daily basis.

Spam is a multi-platform, multi-vector approach to network compromise, and we need to weigh up the risks on all fronts to be able to combat it successfully. Whether finance or front line social media support, the time is now to take action and shore up those defenses.
