Seedworm Operation Spreads Malware via Phishing Attacks

Phishing Spam Graphic2018 has been a busy year for new threats spread via email, with spear-phishing and Business-Email-Compromise (CEO fraud) the rising star for cyber-criminals intent on draining your bank account. Recent victims include Google and Facebook ($100 million lost), McEwan University (almost $12 million lost), a New York judge ($1 million), and a Dutch cinema chain (over $21.5 million). These threats will continue to grow as cyber-criminals try new tactics to separate you from your money. The latest trend involves using encrypted HTTPS connections to trick users into thinking they’re visiting a secure site.  This means users can no longer trust a site that displays the green padlock icon in the address bar. Always verify that you’re visiting a legitimate site before entering any personal information such as Social Security or credit card numbers, otherwise, your private data could be transmitted to a hacker.

As we continue to bring awareness to these threats, new ones emerge almost daily. In the past three months, a cyber-espionage group known as Seedworm (aka MuddyWater) has used spear-phishing attacks to infect 131 individuals with the Powermuddy backdoor (a new variant of their Powermud backdoor). Once a system has been compromised, this malware runs a tool that steals passwords from a user’s browser and email, often leading to access to the victim’s email and social media accounts.

Protect Yourself from the Latest Threats

Over the years, I’ve posted many times about phishing, spear-phishing, and other threats, with a variety of suggestions for protecting yourself and your business from becoming the next victim. Throughout these posts (from oldest to newest), you’ll find lots of tips to avoid being tricked by these email-borne scams.

As the threat landscape continues to evolve, businesses of all sizes must maintain awareness of the latest email-borne threats and educate staff at all levels, from entry level to C-suite. After all, without the right tools and procedures in place, it only takes one misguided mouse click to damage a business’ reputation or send it into bankruptcy.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Leave a Reply

Your email address will not be published. Required fields are marked *