
True North Networks Blog

True North Networks has been a national provider since 2002, providing IT support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Beware: Spoofed Email From the SEC

Be aware of a NEW malware email campaign that is highly targeted in nature and uses spear phishing emails spoofed to appear as if they were sent by the Securities and Exchange Commission (SEC), in an attempt to add a level of legitimacy and convince users to open them. The emails pretend to be from the SEC Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, and the authentic-looking phishing email contains an attachment complete with logos, branding, and wording that you would expect to see on documents received from the SEC.

When the attached Word document is opened, victims are greeted with a message informing them that the document contains links to external files and asking them to allow or deny the content to be retrieved and displayed. Should they agree, the malicious document reaches out to an attacker-controlled command-and-control (C&C) server, which executes the first malware infection. Code is retrieved, obfuscated, and then executed, which kicks off persistence on systems, registry rewrites, scheduled task creation, and DNS requests. In this particular case, the malware can leverage scheduled tasks as well as registry keys to obtain persistence, making it more likely that subsequent attacks can fly under the radar for longer periods.

Please let your staff know to be extra careful with email that appears to come from the SEC, and in particular from its EDGAR system, or that arrives with an attachment.

Monday, September 26 2022
