
Microsoft warns of huge email phishing scam

Microsoft has issued an alert to users concerning a new widespread COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool to completely take over a user's system and execute commands on it remotely. 

In a series of Tweets, the Microsoft Security Intelligence team provided further details on the ongoing campaign, saying that cybercriminals were using malicious Excel attachments to infect users' devices with a remote access trojan (RAT).

The attack begins with potential victims receiving an email that impersonates the Johns Hopkins Center.

Commenting on the alert, Jake Moore, cybersecurity specialist at ESET, says remote attacks were inevitably going to be on the increase as more people access their office networks remotely.

"As the UK workforce went home, large numbers of people have fired up their own, and no doubt old, devices to work from," says Moore.

"This increases the chances of attacks without the proper security checks in place, but coupled with authentic-looking emails with a genuine reason to use remote software, it becomes a plausible con. Moreover, it would seem many people have relaxed their barrier to phishing scams amid the desperation to find the latest COVID-19 news, so when scammers use names like Johns Hopkins University, this seems to be working better than the classic Netflix or HMRC scams," he explains.

In the Tweets, Microsoft says, "We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments.

"The emails purport to come from Johns Hopkins Center bearing "WHO COVID-19 SITUATION REPORT". The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT," Microsoft said. 

"For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures.

"The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines. The NetSupport RAT used in this campaign further drops multiple components, including several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands."
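For defenders triaging attachments like those described above, the following added example (not from Microsoft or the original article) flags legacy .xls workbooks that contain Excel 4.0 macro sheets by reading the BIFF8 BOUNDSHEET records. It assumes the `Workbook` stream has already been extracted from the OLE container by another tool; the function names and the sample stream are constructed for illustration, and the visibility flag it reports goes beyond what the article mentions.

```python
import struct

BOUNDSHEET, EOF = 0x0085, 0x000A   # BIFF8 record types
SHEET_TYPES = {0x00: "worksheet", 0x01: "excel4-macro",
               0x02: "chart", 0x06: "vba-module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very-hidden"}


def list_sheets(workbook_stream: bytes):
    """Return (name, type, visibility) for every BOUNDSHEET record
    in the workbook globals substream."""
    sheets, pos = [], 0
    while pos + 4 <= len(workbook_stream):
        rec_type, rec_len = struct.unpack_from("<HH", workbook_stream, pos)
        body = workbook_stream[pos + 4:pos + 4 + rec_len]
        pos += 4 + rec_len
        if len(body) < rec_len or rec_type == EOF:
            break                      # truncated file or end of globals
        if rec_type != BOUNDSHEET or rec_len < 8:
            continue
        # Layout: 4-byte stream offset, visibility, sheet type, short string
        state, kind, cch, flags = struct.unpack_from("<BBBB", body, 4)
        raw = body[8:]
        if flags & 0x01:               # name stored as UTF-16
            name = raw[:cch * 2].decode("utf-16-le", "replace")
        else:                          # compressed 8-bit characters
            name = raw[:cch].decode("latin-1")
        sheets.append((name, SHEET_TYPES.get(kind, hex(kind)),
                       VISIBILITY.get(state & 0x03, "unknown")))
    return sheets


def excel4_macro_sheets(workbook_stream: bytes):
    """Sheets whose type marks them as Excel 4.0 (XLM) macro sheets."""
    return [s for s in list_sheets(workbook_stream) if s[1] == "excel4-macro"]


def _rec(rec_type, body=b""):
    return struct.pack("<HH", rec_type, len(body)) + body


def _boundsheet(name, kind, state):
    head = struct.pack("<IBBBB", 0, state, kind, len(name), 0)
    return _rec(BOUNDSHEET, head + name.encode("latin-1"))


# Constructed sample stream: BOF, one worksheet, one macro sheet, EOF.
SAMPLE = (_rec(0x0809, b"\x00\x06\x05\x00" + b"\x00" * 12)
          + _boundsheet("Sheet1", 0x00, 0)
          + _boundsheet("Macro1", 0x01, 2) + _rec(EOF))

if __name__ == "__main__":
    print(excel4_macro_sheets(SAMPLE))
```

A non-empty result is a reason to quarantine the attachment for closer inspection rather than proof of malice, since legitimate legacy workbooks can also carry macro sheets.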