August 6, 2018 By Shane Schick < 1 min read

A phishing campaign that delivers malware designed to steal banking data and other private information was discovered targeting a group of Australian businesses.

The attackers disguised their messages as invoices issued by MYOB, a local accounting software firm, according to a July 2018 Trustwave report. Users who clicked on the email links were directed to a file transfer protocol (FTP) server with a modular version of the DanaBot malware.

Once the three component pieces are activated, cybercriminals can send encrypted data, such as screenshots of victims’ machines, back to a command-and-control (C&C) server where it can be distributed covertly using channels like Tor.

Phishing Campaign Targets Businesses

This tactic suggests that the perpetrators designed the phishing campaign specifically to target business professionals. Tracking invoices is critical in almost any kind of company, which means victims are likely to pay greater attention to these messages. Using FTP also makes the malicious emails appear more legitimate than they would if they came from an unknown HTTP address.

Finally, the fact the DanaBot banking Trojan is broken up into multiple, heavily encrypted pieces means that it is flexible and agile enough to evade detection.

How Can Organizations Strengthen Email Security?

Security professionals can help protect their organizations from phishing campaigns by developing a layered approach to email security. IBM experts recommend investing in external solutions that pull data from sensors and other sources to scan all incoming messages.

They also recommend that security teams implement perimeter protection using spam detection tools and antispam solutions that can run on internal mailer servers on corporate networks. Finally, mail clients should be connected to a protection mechanism that detects spam and phishing attempts.

Source: Trustwave

More from

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything.But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists in…

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Stealthy WailingCrab Malware misuses MQTT Messaging Protocol

14 min read - This article was made possible thanks to the hard work of writer Charlotte Hammond and contributions from Ole Villadsen and Kat Metrick. IBM X-Force researchers have been tracking developments to the WailingCrab malware family, in particular, those relating to its C2 communication mechanisms, which include misusing the Internet-of-Things (IoT) messaging protocol MQTT. WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker that X-Force tracks as Hive0133, which overlaps with TA544. WailingCrab…

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today