
Microsoft warns of huge email phishing scam

Microsoft has issued an alert to users concerning a new widespread COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool to completely take over a user's system and execute commands on it remotely. 

In a series of Tweets, the Microsoft Security Intelligence team provided further details on the ongoing campaign, saying that cybercriminals were using malicious Excel attachments to infect users' devices with a remote access trojan (RAT).

The attack begins with potential victims receiving an email that impersonates the Johns Hopkins Center.

Commenting on the alert, Jake Moore, cybersecurity specialist at ESET, says remote attacks were inevitably going to be on the increase as more people access their office networks remotely.

"As the UK workforce went home, large numbers of people have fired up their own, and no doubt old, devices to work from," says Moore.

"This increases the chances of attacks without the proper security checks in place, but coupled with authentic-looking emails with a genuine reason to use remote software, it becomes a plausible con. Moreover, it would seem many people have relaxed their barrier to phishing scams amid the desperation to find the latest COVID-19 news, so when scammers use names like Johns Hopkins University, this seems to be working better than the classic Netflix or HMRC scams," he explains.

In the Tweets, Microsoft says, "We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments.

"The emails purport to come from Johns Hopkins Center bearing 'WHO COVID-19 SITUATION REPORT'. The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT," Microsoft said.

"For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures.

"The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines. The NetSupport RAT used in this campaign further drops multiple components, including several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands."
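
For defenders triaging attachments, the following is an added example (not code from Microsoft or from this article) that flags workbooks containing Excel 4.0 macro sheets, the feature the campaign relies on. It assumes the attachment is an OOXML file (.xlsx/.xlsm); the article does not state the campaign's file format, and legacy .xls files need a different parser. The function names and the sample workbooks are constructed for illustration.

```python
import io
import re
import zipfile
from typing import List, Optional

# Content type OOXML uses for Excel 4.0 (XLM) macro sheet parts.
MACROSHEET_TYPE = "application/vnd.ms-excel.macrosheet+xml"
MACROSHEET_PATH = re.compile(r"^xl/macrosheets/[^/]+\.xml$", re.IGNORECASE)


def find_xlm_macrosheets(data: bytes) -> List[str]:
    """Return the macro sheet parts found in an OOXML workbook, sorted."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []  # legacy .xls (OLE2) files need a different parser
    hits = set()
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        # Default location Excel writes macro sheets to.
        hits.update(n for n in names if MACROSHEET_PATH.match(n))
        # The content-type map also catches parts stored under another path.
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            for tag in re.findall(r"<Override\b[^>]*>", types):
                part = re.search(r'PartName="/?([^"]+)"', tag)
                if part and MACROSHEET_TYPE in tag:
                    hits.add(part.group(1))
    return sorted(hits)


def build_sample(macro_part: Optional[str] = None) -> bytes:
    """Constructed sample: a ZIP holding only the parts this check reads."""
    overrides = ""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if macro_part:
            zf.writestr(macro_part, "<xm:macrosheet/>")
            overrides = f'<Override PartName="/{macro_part}" ContentType="{MACROSHEET_TYPE}"/>'
        zf.writestr("[Content_Types].xml", f"<Types>{overrides}</Types>")
    return out.getvalue()


if __name__ == "__main__":
    for label, blob in [("clean", build_sample()),
                        ("macro sheet", build_sample("xl/macrosheets/sheet1.xml")),
                        ("relocated", build_sample("xl/worksheets/data.xml"))]:
        print(label, find_xlm_macrosheets(blob))
```

A hit means the workbook carries an Excel 4.0 macro sheet and warrants quarantine or closer analysis; it does not by itself show that the macro is malicious.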
 
