
Microsoft warns of huge email phishing scam

Microsoft has issued an alert to users concerning a new widespread COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool to completely take over a user's system and execute commands on it remotely. 

In a series of tweets, the Microsoft Security Intelligence team provided further details on the ongoing campaign, saying that cybercriminals were using malicious Excel attachments to infect users' devices with a remote access trojan (RAT).

The attack begins with potential victims receiving an email that impersonates the Johns Hopkins Center.

Commenting on the alert, Jake Moore, cybersecurity specialist at ESET, says remote attacks were inevitably going to be on the increase as more people access their office networks remotely.

"As the UK workforce went home, large numbers of people have fired up their own, and no doubt old, devices to work from," says Moore.

"This increases the chances of attacks without the proper security checks in place, but coupled with authentic-looking emails with a genuine reason to use remote software, it becomes a plausible con. Moreover, it would seem many people have relaxed their barrier to phishing scams amid the desperation to find the latest COVID-19 news, so when scammers use names like Johns Hopkins University, this seems to be working better than the classic Netflix or HMRC scams," he explains.

In the Tweets, Microsoft says, "We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments.

"The emails purport to come from Johns Hopkins Center bearing 'WHO COVID-19 SITUATION REPORT'. The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT," Microsoft said.

"For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures.

"The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines. The NetSupport RAT used in this campaign further drops multiple components, including several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands."
 
