Could your business recover from a cyber-attack?
Imagine if your business was attacked tomorrow. Would you know what to do? Could your business survive?
A new kind of phishing campaign on LinkedIn is targeting people with personalised job offers in order to infect victims' devices with Trojan malware.
To increase the chances of success, the attackers give the fake-offer ZIP archive exactly the same name as the job title the victim lists on their LinkedIn profile. For example, if the victim works as a Marketing Executive, the malicious file will be named Marketing Executive position (the word “position” is added to the end).
All it takes is opening a mystery job offer to unknowingly initiate the installation of a fileless backdoor* called more_eggs. Once loaded, it tries to download additional malicious plug-ins and provides direct access to the victim’s computer, say specialists from the eSentire Threat Response Unit in their analysis. In addition, this backdoor can act as a channel to download additional payloads from a server controlled by the attackers. These can include banking Trojans, ransomware, and credential stealers.
The Trojan also uses legitimate Windows processes such as WMI to avoid detection by traditional antivirus tools, which makes it a lot more difficult to detect and therefore more dangerous.
More_eggs campaigns such as this have been around for a few years, and the backdoor itself has been attributed to the Golden Chickens group (a malware-as-a-service provider). The authors of the latest campaign are yet to be uncovered; more_eggs has been used in the past by various criminal groups online. The group is believed to be exploiting the large number of COVID-19 layoffs to popularize the campaign.
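The file-naming pattern described above (the recipient's own job title followed by "position") can be checked for in download or mail-attachment logs. The following is an added example, not code from the original article or from eSentire; the directory mapping, the event tuples and the function names are assumptions constructed for illustration.

```python
import re
import unicodedata
from pathlib import PurePath

ARCHIVE_EXTS = {".zip"}  # the article only mentions ZIP archives

def _norm(text):
    """Case-fold and collapse separators: 'Marketing_Executive' -> 'marketing executive'."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(re.split(r"[\s._\-]+", text)).strip()

def is_job_title_lure(filename, job_title):
    """True if a ZIP archive is named '<recipient's job title> position'."""
    path = PurePath(filename)
    if path.suffix.casefold() not in ARCHIVE_EXTS:
        return False
    # Browsers append ' (1)', ' (2)' ... to repeated downloads; ignore that suffix.
    stem = re.sub(r"\s*\(\d+\)$", "", path.stem)
    title = _norm(job_title)
    # An unknown (empty) title must never match a file called 'position.zip'.
    return bool(title) and _norm(stem) == f"{title} position"

def flag_lures(events, directory):
    """Return (user, filename) pairs where the archive name mirrors that user's own title."""
    hits = []
    for user, filename in events:
        if is_job_title_lure(filename, directory.get(user, "")):
            hits.append((user, filename))
    return hits

# Constructed sample data (hypothetical users, titles and file names).
DIRECTORY = {"alice": "Marketing Executive", "bob": "Senior Accountant"}
EVENTS = [
    ("alice", "Marketing Executive position.zip"),      # exact lure pattern
    ("alice", "marketing_executive_position (1).ZIP"),  # same lure, renamed by browser
    ("bob", "Marketing Executive position.zip"),        # not bob's own title
    ("bob", "Q3 invoices.zip"),                         # unrelated archive
    ("alice", "Marketing Executive position.pdf"),      # not a ZIP archive
]

if __name__ == "__main__":
    for user, name in flag_lures(EVENTS, DIRECTORY):
        print(f"ALERT {user}: archive name matches own job title: {name}")
```

A match is only a triage signal: it says the archive was named after the recipient, not that it is malicious, so flagged files still need inspection before anyone opens them.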
SOURCE: https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html
* A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer or obtaining access to plaintext in cryptographic systems. (Wikipedia)
Did you know that around 88% of UK companies suffered breaches last year? And did you know that one small business in the UK is successfully hacked every 19 seconds? This is why we have put together a short guide that will help you recognise the signs of a cyber-attack and know how to respond fast.
In today’s digital world, understanding and implementing cyber security measures is no longer optional for businesses. It’s a necessity. The increasing number of cyber threats poses a significant risk to businesses of all sizes, making it imperative for businesses to prioritise cyber security.