FYI...
Fake 'confirmation' SPAM - delivers Locky
- https://myonlinesecurity.co.uk/the-l...cro-word-docs/
25 Apr 2017 - "... another 2 mass malspam onslaughts with different email subjects. The first is 'confirmation_12345678.pdf' (random numbers) pretending to come from info@ random .tld with a PDF attachment that contains an embedded malicious word doc with macros that delivers Locky ransomware. The second is a -blank- email with the subject of 'paper', coming from random names, companies and email addresses. In all cases the alleged sending address is -spoofed- ... In both campaigns the PDF appears totally to be a -blank- page but still contains the embedded macro word doc that will infect you when opened. These macro enabled word docs embedded into PDF files can easily infect you, -IF- you have default PDF settings set in Adobe Reader. See HERE[1] for safe settings to stop these working...
1] https://myonlinesecurity.co.uk/embed...ly-infect-you/
... 2 distinct malspam approaches today. First coming from 'scanner' (or other MFD, like scan, Epson, Printer, canon etc ) @ your-own-email-domain with a subject of 'scan data'. The second comes from totally random names @ your-own-email-domain with a subject of '12345678.pdf' (random numbers) and has a completely -empty- email body...
Screenshot1: https://myonlinesecurity.co.uk/wp-co...nfirmation.png
Screenshot2: https://myonlinesecurity.co.uk/wp-co...ocky_paper.png
6446165b2.pdf - Current Virus total detections 13/56*. Payload Security** drops 216616.docm downloads from
http ://parallelsolutions .nl/jhg67g which is converted by the macro to pitupi2.exe
(VirusTotal 23/59***) (Payload Security[4])... DO NOT follow the advice they give to enable macros or enable editing to see the content... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/e...is/1493096091/
** https://www.hybrid-analysis.com/samp...ironmentId=100
Contacted Hosts
159.253.0.19
*** https://www.virustotal.com/en/file/a...is/1493096408/
pitupi2.exe
4] https://www.hybrid-analysis.com/samp...ironmentId=100
parallelsolutions .nl: 159.253.0.19: https://www.virustotal.com/en/ip-add...9/information/
> https://www.virustotal.com/en/url/6d...c163/analysis/
___
Phish attacks responsible for 3/4 of all malware
- https://www.helpnetsecurity.com/2017...tacks-malware/
April 25, 2017 - "With phishing now widely used as a mechanism for distributing ransomware, a new NTT Security report reveals that 77% of all detected ransomware globally was in four main sectors – business & professional services (28%), government (19%), health care (15%) and retail (15%):
> https://www.helpnetsecurity.com/imag...y-042017-2.jpg
While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means. According to the GTIR, phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organizations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level. When it comes to attacks by country, the U.S. (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks. The report also reveals that just 25 passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots last year. Over 76% of log on attempts included a password known to be implemented in the Mirai botnet – a botnet comprised of IoT devices, which was used to conduct, what were at the time, the largest ever distributed denial of service (DDoS) attacks. DDoS attacks represented less than 6% of attacks globally, but accounted for over 16% of all attacks from Asia and 23% of all attacks from Australia. Finance was the most commonly attacked industry globally, subject to 14% of all attacks. The finance sector was the only sector to appear in the top three across all of the geographic regions analysed, while manufacturing appeared in the top three in five of the six regions. Finance (14%), government (14%) and manufacturing (13%) were the top three most commonly attacked industry sectors:
> https://www.helpnetsecurity.com/imag...y-042017-1.jpg
... NTT Security summarizes data from over 3.5 -trillion- logs and 6.2 -billion- attacks for the 2017 Global Threat Intelligence Report (GTIR)*..."
* https://www.nttcomsecurity.com/us/gtir-2017/
___
Phish: PayPal Credit Service Security Check
- https://security.intuit.com/index.ph...security-check
24 April 2017 - "People are reporting receiving -fake- emails as found below. Please be aware that the From address as well as the Subject line may change; however, the content within the body of the email will stay the same with the exception of a change to the malicious URL link, which may have many different variations. Below is an example of the email people are receiving:
> https://security.intuit.com/images/2...4_14-51-41.png
... end of the -fake- email..."
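
Added example, not from the original post or the sources it quotes: for the Locky malspam described in the first item, this Python triage check flags a message by the quoted subject patterns, an empty body, a sender claiming the recipient's own domain, and a PDF attachment holding an embedded file. The message dict layout, the `authenticated` field (standing in for a mail gateway's SPF/DKIM verdict) and all sample bytes are assumptions constructed for illustration.

```python
import re

# Subject lines quoted in the post; the digits vary per message.
SUBJECTS = [re.compile(p, re.I) for p in (
    r"^confirmation_\d+\.pdf$", r"^\d+\.pdf$", r"^(paper|scan data)$")]
# PDF name objects for embedded files and automatic actions.
PDF_MARKERS = (b"/EmbeddedFile", b"/OpenAction", b"/JavaScript", b"/JS", b"/Launch")

def pdf_markers(data):
    """List risky names found in raw PDF bytes. Limitation: names hidden in
    compressed object streams or written with #xx escapes are not seen."""
    if not data.lstrip().startswith(b"%PDF-"):
        return []
    # Lookahead keeps /JS from matching /JSomething, /EmbeddedFile from /EmbeddedFiles.
    return [m.decode() for m in PDF_MARKERS
            if re.search(re.escape(m) + rb"(?![A-Za-z0-9])", data)]

def triage(msg):
    """Return the reasons a message resembles the campaign (empty list = none)."""
    reasons = []
    if any(p.match(msg["subject"].strip()) for p in SUBJECTS):
        reasons.append("subject matches campaign pattern")
    if not msg["body"].strip():
        reasons.append("empty body")
    same_domain = (msg["from"].rsplit("@", 1)[-1].lower()
                   == msg["to"].rsplit("@", 1)[-1].lower())
    if same_domain and not msg["authenticated"]:
        reasons.append("unauthenticated sender claims recipient's own domain")
    for name, data in msg["attachments"]:
        marks = pdf_markers(data)
        if "/EmbeddedFile" in marks:
            reasons.append(f"{name}: PDF carries an embedded file {marks}")
    return reasons

# Constructed, inert sample data: marker strings only, no real document content.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R "
              b"/Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
              b"4 0 obj << /Type /EmbeddedFile >> endobj\n%%EOF")
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"
SUSPECT = {"from": "scanner@example.org", "to": "user@example.org",
           "subject": "scan data", "body": "", "authenticated": False,
           "attachments": [("12345678.pdf", SAMPLE_PDF)]}
BENIGN = {"from": "alice@example.com", "to": "user@example.org",
          "subject": "Q2 report", "body": "See attached.", "authenticated": True,
          "attachments": [("report.pdf", BENIGN_PDF)]}

if __name__ == "__main__":
    for label, m in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(m))
```

A hit is a reason to quarantine and inspect the attachment in a sandbox, not a verdict; legitimate PDFs can also carry attachments.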