Check Point warns against email scammers posing as utility bills

07 Jun 16

The Check Point Incident Response Team (CPIRT) has received numerous reports of ransomware being spread via fake utility bills.

According to a company blog post, the campaign uses realistic-looking emails coming from compromised e-mail accounts. This ransomware also appears to install key loggers and to try to steal e-mail account details to spread further.

Users receive the email and have to click on a link, which directs them to a compromised website that then redirects them to a fake site posing as a utility provider. Currently the attackers are pretending to be AGL.

Check Point says the fake page looks realistic and contains a captcha that users need to complete. If a user tries to visit this page via a mobile device or Apple Mac it will give them an error message saying they need to access it from a Microsoft Windows computer. This results in a number of users forwarding it to their corporate email.

Check Point Anti-virus currently detects and prevents the current ransomware, and Check Point’s Incident Response and ThreatCloud Intelligence Teams are actively monitoring this campaign and protecting Check Point’s customers.

The Check Point Incident Response Team recommends organisations deploy HTTPS Inspection, sandboxing in hold and prevent, and application whitelisting, and perform scrubbing on incoming documents.

“It is important that organisations review and test their backup strategies as ransomware will frequently delete previous versions and encrypt data on file shares,” Check Point says.

SUMMARY

Check Point says it is important that organisations make their users aware of the widespread prevalence of ransomware and the damage it can cause.

It is also important that organisations deploy controls that keep up with the changing landscape, especially:

1. HTTPS Inspection

2. Sandboxing that can hold and prevent the initial file

3. Keep IPS up to date to detect and prevent exploit kits and suspicious JavaScript (Check Point IPS has numerous protections for this).

4. Have a well-rehearsed and tested incident response plan.
