Microsoft: Massive COVID-19 Themed Phishing Campaign Underway to Gain Remote Access

Microsoft | May 21, 2020

  • Microsoft states that a massive COVID-19 themed phishing campaign is underway, as part of which attackers install the NetSupport Manager remote access tool.

  • The new campaign, which was discovered by the Microsoft Security Intelligence team, began on May 12. The malware payload comes with malicious Excel attachments.

  • Through a series of tweets, the Microsoft Security Intelligence team has detailed the ongoing phishing attacks.


Microsoft states that a massive COVID-19 themed phishing campaign is underway, as part of which attackers install the NetSupport Manager remote access tool to gain remote access. The new campaign, which was discovered by the Microsoft Security Intelligence team, began on May 12. The malware payload comes with malicious Excel attachments that the attackers send out by email. Notably, this isn't the first time that cyber-attackers have used COVID-19 as an opportunity to hack people. Companies including Google have already warned about the rise in such phishing attacks.


Through a series of tweets, the Microsoft Security Intelligence team has detailed the ongoing phishing attacks. The team says that the campaign delivers NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. As per the details provided by the Microsoft team, the attack begins with emails that pretend to come from Johns Hopkins Center and show details about the active COVID-19 cases in the US. In reality, however, the emails include Excel files that, once opened, show a graphical representation of the coronavirus data.






However, the files also include malicious Excel 4.0 macros that will prompt users to “Enable Content”. This begins the download and installation process of the NetSupport Manager client from a remote site.

Image caption: Microsoft's researchers have found that emails pretending to come from Johns Hopkins Center carry malicious Excel files. Photo Credit: Twitter/Microsoft Security Intelligence.

“For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lure.”
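Because the campaign depends on Excel 4.0 (XLM) macro sheets inside the attachment, a mail gateway or triage script can flag them before a user ever reaches “Enable Content”. The following is an added example, not code from Microsoft or the original article: it walks the BIFF8 records of a workbook and reports sheets typed as Excel 4.0 macro sheets together with their visibility. It assumes the attachment is a legacy .xls file whose Workbook stream has already been extracted from the OLE container; the sample bytes are constructed and the function names are hypothetical.

```python
import struct

BOUNDSHEET = 0x0085  # BIFF8 record describing one sheet of the workbook
SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro", 0x02: "chart", 0x06: "vba_module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very_hidden"}


def iter_records(stream):
    """Yield (type, payload) for each BIFF record; stop quietly on truncation."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        payload = stream[pos + 4:pos + 4 + rlen]
        if len(payload) < rlen:
            return
        yield rtype, payload
        pos += 4 + rlen


def list_sheets(stream):
    """Decode every BOUNDSHEET record into name, sheet type and visibility."""
    sheets = []
    for rtype, data in iter_records(stream):
        if rtype != BOUNDSHEET or len(data) < 8:
            continue
        # 4-byte stream offset, visibility byte, sheet-type byte, then a short string
        _offset, state, dt, cch, flags = struct.unpack_from("<IBBBB", data, 0)
        if flags & 0x01:   # fHighByte set: name stored as UTF-16LE
            name = data[8:8 + 2 * cch].decode("utf-16-le", "replace")
        else:              # compressed form: one byte per character
            name = data[8:8 + cch].decode("latin-1")
        sheets.append({
            "name": name,
            "type": SHEET_TYPES.get(dt, "unknown_0x%02x" % dt),
            "visibility": VISIBILITY.get(state & 0x03, "unknown"),
        })
    return sheets


def xlm_findings(stream):
    """Return only the Excel 4.0 macro sheets, the ones worth quarantining on."""
    return [s for s in list_sheets(stream) if s["type"] == "xlm_macro"]


# --- constructed sample stream (not taken from any real attachment) ---
def _rec(rtype, payload):
    return struct.pack("<HH", rtype, len(payload)) + payload


def _boundsheet(name, state, dt):
    raw = name.encode("latin-1")
    return _rec(BOUNDSHEET, struct.pack("<IBBBB", 0, state, dt, len(raw), 0) + raw)


SAMPLE = (
    _rec(0x0809, b"\x00\x06\x05\x00" + b"\x00" * 12)   # BOF, workbook globals
    + _boundsheet("Cases", 0, 0x00)                     # visible worksheet
    + _boundsheet("Macro1", 2, 0x01)                    # very hidden XLM macro sheet
    + _rec(0x000A, b"")                                 # EOF
)

if __name__ == "__main__":
    for sheet in xlm_findings(SAMPLE):
        print("Excel 4.0 macro sheet: %(name)s (%(visibility)s)" % sheet)
```

A hidden or very hidden macro sheet in an emailed workbook is a strong quarantine signal, since the user sees only the visible worksheet while the macro sheet runs once content is enabled.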


Once the remote access tool is installed on a victim's system, the attackers can access it and run commands remotely. In one particular case, the Microsoft team observed that NetSupport Manager was used to drop multiple components, including some executable files, and to establish connectivity with a C2 server to enable further commands from the attackers.

Pay attention to what you're downloading from emails. Users are advised to avoid paying attention to random emails and to verify the email addresses from which they're receiving new emails before downloading the included attachments. It is also recommended to change passwords immediately if you notice any strange behavior on your system.



