Kaspersky Lab is sounding alarm bells over a new wave of cyberattacks targeting the makers of equipment and software for industrial enterprises. Germany, along with Japan, Italy and the UK, is one of the countries the cybercriminals have set their sights on. Phishing emails once again serve as the gateway into company networks.
The messages in question are customized to match the language spoken in each of the countries and urge their recipients to open an attached office document. The attachment, in turn, contains macros that decrypt a PowerShell script, which is then executed with exceptional secrecy and power. The script downloads an image file from a public image hosting service; the image contains data hidden by means of steganography. This data is used to generate and execute a second PowerShell script, followed by a third script that finally installs a variant of the “Mimikatz” malware onto the user’s system. Mimikatz is a well-known tool for stealing authentication details from Windows computers, allowing criminals to use the credentials to gain access to other data on the compromised company network. Exactly what the attackers are aiming to achieve with this devious, highly targeted approach remains unclear, according to Kaspersky Lab.
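The macro-to-PowerShell chain described above leaves a parent/child process trail that defenders can check in process-creation logs. The following detection sketch is an added example, not code from Kaspersky Lab or Retarus. It assumes each script stage starts as its own process; the record fields (`pid`, `ppid`, `image`) are hypothetical and the sample events are constructed.

```python
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample process-creation records (not taken from the report).
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"pid": 300, "ppid": 200, "image": PS},  # stage 1: started by the macro
    {"pid": 310, "ppid": 300, "image": PS},  # stage 2
    {"pid": 320, "ppid": 310, "image": PS},  # stage 3
    {"pid": 400, "ppid": 100, "image": PS},  # interactive shell, no Office ancestor
    {"pid": 500, "ppid": 999, "image": PS},  # parent record missing from the log
]

def exe_name(image):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()

def find_office_powershell(events):
    """Return one alert per PowerShell process that has an Office ancestor.

    'stage' counts the PowerShell processes between the Office application
    and the flagged process, inclusive, so nested script stages stand out.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for event in events:
        if exe_name(event["image"]) not in SHELLS:
            continue
        stage, seen, cur = 0, set(), event
        # Walk up the tree; stop on a missing parent or a PID cycle (PID reuse).
        while cur is not None and cur["pid"] not in seen:
            seen.add(cur["pid"])
            name = exe_name(cur["image"])
            if name in SHELLS:
                stage += 1
            elif name in OFFICE:
                alerts.append({"office": name, "office_pid": cur["pid"],
                               "shell_pid": event["pid"], "stage": stage})
                break
            cur = by_pid.get(cur["ppid"])
    return alerts

if __name__ == "__main__":
    for alert in find_office_powershell(EVENTS):
        print(alert)
```
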
The attacks clearly demonstrate, however, how essential it is for networked companies to have a powerful email security solution, backed up with ongoing user education. Retarus’ Email Security service includes a high-performance phishing filter already in its basic version, “Essential Protection”. And to sensitize your users to the dangers of phishing, we recommend our Anti-Phishing Guide, which you can download from our website for free, in five languages and without having to register, and share within your organization.