Big businesses getting trapped by phishing nets.
28 July 2020

Are industrial whales getting massacred by spear-phishing?

Written by Seqrite

Supply chains and industrial enterprises are being targeted through a series of ongoing spear-phishing attacks. This recent campaign, observed so far on systems in Germany, the United States and Japan, works by hiding malware on legitimate public sources.

Sophisticated attack chain

The attack chain is sufficiently drawn-out to escape detection. It starts with phishing emails that have been tailored and customized for each victim. These emails urge the recipient to open the attached Excel document; on opening the document, users are asked to enable active content, which triggers a malicious PowerShell script. When the script executes, it accesses a public image hosting service and downloads an image, which initiates the data-extraction procedure.

A unique attribute of this specialized spear-phishing campaign is that data is hidden in the downloaded image and later processed by the malware. This tactic is called steganography: the practice of concealing specific data inside another piece of data. By hiding the data inside the image, the attackers can evade cybersecurity solutions that scan enterprise perimeters.

Analysis of this spear-phishing campaign shows that it is an extremely methodical and targeted attack. The original phishing emails are tailored to the specific targets: users in Japan received emails in Japanese, with the attachment containing the malicious macro.
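The chain described above (Excel document, PowerShell, image download) leaves a process lineage that endpoint telemetry can flag even when the image itself looks harmless. The following is an added detection sketch, not code from Seqrite or from the campaign; the event schema, host names and URLs are constructed for illustration, and matching on file extension is a simplifying assumption.

```python
from urllib.parse import urlparse

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".bmp")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
XL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

# Constructed sample telemetry in a hypothetical schema, ordered by time.
# "proc" = process creation, "web" = outbound HTTP(S) request by a process.
EVENTS = [
    {"type": "proc", "host": "ws-17", "pid": 5288, "image": PS, "parent": XL},
    {"type": "web", "host": "ws-17", "pid": 5288,
     "url": "https://img-host.example/a/k3J9x.png"},
    {"type": "proc", "host": "ws-02", "pid": 311, "image": PS,
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "web", "host": "ws-02", "pid": 311,
     "url": "https://intranet.example/logo.png"},
    {"type": "proc", "host": "ws-30", "pid": 772, "image": PS, "parent": XL},
]


def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_chains(events):
    """One finding per PowerShell process that an Office application started.

    Severity is raised to "high" when that same process then requests an
    image, the step this campaign uses to fetch its hidden data.
    """
    findings = {}
    for ev in events:
        key = (ev["host"], ev["pid"])  # real pipelines should use a process GUID
        if ev["type"] == "proc":
            if exe_name(ev["image"]) in SHELLS and exe_name(ev["parent"]) in OFFICE:
                findings[key] = {"host": ev["host"], "pid": ev["pid"],
                                 "parent": exe_name(ev["parent"]),
                                 "image_urls": [], "severity": "medium"}
        elif ev["type"] == "web" and key in findings:
            if urlparse(ev["url"]).path.lower().endswith(IMAGE_EXT):
                findings[key]["image_urls"].append(ev["url"])
                findings[key]["severity"] = "high"
    return list(findings.values())


if __name__ == "__main__":
    for f in find_chains(EVENTS):
        print(f)
```

The PowerShell session started from Explorer on ws-02 is not reported even though it fetches an image, because the signal is the Office parent, not the download on its own.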

Unique in its attack capability

While researchers have found variants of this attack since 2018, this new variation is unique because of its affinity for industrial enterprises and supply chains. Mostly industrial enterprises have been attacked through this campaign so far. With the manufacturing sector already seeing a fundamental disruption in revenues due to the ongoing COVID-19 pandemic, this is another major challenge and could cause further problems, if not treated properly.

Secondly, as noted earlier, this phishing campaign relies on steganography: the malicious data is embedded in images. This makes it very difficult for cybersecurity solutions that scan network traffic to detect and block the malware. Because a decryption key is used for the malicious payload, it becomes even more difficult for security administrators to analyze and block the malware.

However, industrial enterprises should not panic but follow a set of security recommendations to ensure maximum protection:

  • Ensure employees are educated about spotting and reporting phishing campaigns. Periodic awareness drives in the form of information campaigns should be conducted so that employees are aware of the common tactics criminals use to trick them.
  • As much as possible, macros should be restricted in Microsoft Office documents to reduce exposure.
  • The importance of strong authentication controls cannot be overemphasized. Employees, especially senior leaders, must be regularly reminded to maintain strong passwords for their user accounts and to change them regularly. Good password hygiene goes a long way in preventing these kinds of spear-phishing attacks.
  • If not already done, install and maintain an integrated cybersecurity solution with features such as anti-phishing and anti-virus. It is essential to update this solution regularly so that it always has the latest patches.

Seqrite Endpoint Security integrates a range of powerful features such as phishing & spam protection, Antivirus, Anti Ransomware & Email Protection to help industrial enterprises and other organizations ensure complete security and control.
