At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Microsoft Exchange targeted for IcedID reply-chain hijacking attacks

    IcedID was first reported on by IBM X-Force in November 2017 and the malware shared some code with Pony. This banking trojan was designed to steal banking credentials but has been observed being used to deploy ransomware. A popular attack vector for IcedID is via phishing emails. The infection chain that commonly has been used is an email with an attached password protected “zip” archive.

    Recently researchers at Intezer have discovered a further evolution of the threat actors’ technique, whereby actors use compromised Microsoft Exchange servers to send the phishing emails from the account that they stole from. The researchers also state that:

    The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user.”

    In the current campaign researchers have seen  organisations within energy, healthcare, law, and pharmaceutical sectors targeted.

    While Intezer’s report focuses on current and ongoing activity, it is unclear when this campaign started. It is possible that it started five months ago. In November 2021, a Trend Micro report described a wave of attacks using ProxyShell and ProxyLogon vulnerabilities in exposed Microsoft Exchange servers to hijack internal email reply-chains and spread malware-laced documents.

    With thanks to the Cyber Defence Alliance and BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/

    Get Your Customized Automated Security Awareness Program, ASAP!

    Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

    We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).

    ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!

    asap-monitor-1

    Here’s how it works:

    • Answer seven questions about your organization’s goals, compliance needs, and culture
    • ASAP recommends suggested training content based on your answers
    • See a detailed calendar with a customized task lisk to get your program started
    • Easily export detailed and executive summary PDF versions of your program
    • Get a fully mature awareness program ready in 5 minutes
    Get Started Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/asap-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top