Breakdown of Attack against WatchPoint
Inspect! Inspect! Inspect!
There are a number of tools available on the web that I use when inspecting emails. I’ll use a WHOIS lookup first to get some information on Rambler.ru. What I find is that Rambler.ru is registered to Rambler Internet Holdings, LLC and the IP address originates from Moscow. It appears they have been in business since 1996, so I’m not really concerned with Rambler Internet Holdings, LLC but I am very concerned about the sender because it’s safe to assume they reside in Russia and Russia happens to be one country that is constantly bombarding the United States with cyber-attacks.
Next, I need to inspect the attachment called Resume.doc to see if there are any threats. I ran the file through virustotal.com and got some hits telling me it was definitely not a good idea to open this document.
The Rise of Banking Trojans
Very recently I wrote a couple of articles discussing the rise and fall of a very nasty banking Trojan called Dyre. You can read both of those articles here.
As it turns out, this resume contained macros that would execute and download a banking Trojan called Dridex. As previously predicted; with the fall of the Dyre Virus, Dridex is in a great position to be one of the dominant banking Trojans for 2016. Banking Trojans are nasty things designed only to help cybercriminals steal YOUR money from YOUR bank account. Without a proper cyber liability policy and cyber defensive mechanisms, we are finding banks and insurance companies have no obligation to insure or refund your losses.
The Odds are Against You
At WatchPoint, I really enjoy inspecting spam emails for malicious content and then running them in my sandbox to see what they can do. I have 15 years experience in IT and have a good understanding of what to look for when examining emails for suspicious content. I’ll all but guarantee that those in your HR department do not share those qualities. They are experts in Human Resources; not Information Technology. Your employees are the weakest link and employee education against all the possible cyber threats of the 21st century is not very strong in most organizations. I hope you are asking yourself now “Would my HR team open a phishing email?” There is a very good chance that the answer to that question is yes. The odds are against you unless you fight back with 21st Century technology like CryptoStopper. Never head of CryptoStopper? Inquire today and I’ll show you how CryptoStopper discovers ransomware that your antivirus and firewall miss.
Watch CryptoStopper Stop a Ransomware Attack