Excel Documents are Part of New Phishing Campaign Attacks
The coronavirus problem and cybersecurity breaches are no strangers to the other. So much that Microsoft has recently raised awareness about a phishing campaign designed to steal user information. The Microsoft Intel team reports malicious actors to attempt to spy on infected systems with an Excel document. They do so by creating falsified emails in hopes users will click on the attached content.
According to the intel team, the emails typically follow a similar pattern. The title claims the email is from John Hopkins medical, normally with the tagline “WHO COVID-19 SITUATION REPORT.” From there, the reader is prompted to read the attached Excel “reports.” Within the falsified attachment are “reports” of Coronavirus cases with an included warning. According to Microsoft Intel, however, if the doc runs long enough it downloads the malicious NetSupport Manager.
Exploited tools
NetSupport isn’t inherently malicious. But as Microsoft’s report asserts, it’s routinely exploited by attackers to steal personal data and information. This is because, as a remote access tool, it can run commands and unintended operations on infected machines. In other words, if your PC was compromised by the Excel document, hackers could dictate what your system did. It can also attach to a command-and-control server to implement continued exploited commands.
Other similar attacks like Trickbot campaigns employ similar methods, such as sending emails containing a “coronavirus check.” They attempt to steal user information with the falsified messages.
Users should avoid downloading or opening attachments they’re unfamiliar with, especially unverified sources claiming to have information on Coronavirus.
Protecting your information
As always, there is a range of things you, your business, and your staff can do to mitigate risk. Primarily, it comes down to practicing skepticism. It’s also important to recognize the telltale signs of a phishing message or email.
- Take extra precautions when reading messages related to the COVID-19 virus, and dismiss any emails requesting you to click on an outbound link
- Ignore emails/messages promising medicine, cures, or financial relief – ALWAYS check official sources for the most up-to-date info on COVID-19
- Keep your anti-virus software updated
- Keep all relevant apps and software for work/personal use running at their latest version
- Employ active monitoring on networks to check for unusual network activity
- When in doubt, practice zero-trust, only reading an email when it’s been verified by the appropriate parties
Curbing the threat of phishing scams during the Coronavirus outbreak relies on taking extra precautions. Just as you wear masks and practice good sanitation to reduce the risk of contracting the virus, so should you be safe when it comes to the digital world.
External resources
If you need additional help, Bytagig has a range of services to combat phishing attempts and potential data loss.
- Data backups and cloud services in case of information loss
- Active monitoring to check for malicious connections
- Technical roadmaps to promote the best software for your business
- Guidelines and strategies for thwarting phishing attempts and scams
For additional information, you can contact us today.
