your passport to all things web
Holiday Season Brings New Threats
Please take the time to review the information below. Some of these we have already seen at PSAB and between now and Christmas, they are sure to increase. It is impossible for IT to filter every possible attack, so lets pull together and stay vigilant!
Please note that this security bulletin is being documented. Take note of the fields at the bottom of this message.
New attacks leverage HR Authority. HR should never request any type of a response via Email in an organization the size of PSAB. HR requests or documents received via Email should always be confirmed and verified.
Email Holiday Wishes, even from those your trust, should be considered suspect.
Looking to take advantage of a nation preparing for a collective food coma, the cybercriminals behind the campaign have so far sent out 27,000 or so messages daily, with verbiage that marks a departure from the standard financial themes regularly seen used as phishing lures by the group. The messages are seemingly full of holiday spirit: “In this season of thankfulness, we are especially grateful to you, who have worked so hard to built the success of our company. Wishing you and your family a Thanksgiving full of blessings.” Then, “Thanksgiving Day Card.” The “card,” of course, is anything but something to give thanks for. It’s actually a document with embedded macros leading to a PowerShell downloader for the Emotet payload, which acts as a dropper for other payloads in addition to its banking trojan capabilities. If you click on the document the attack is launched.