Dridex and Email: A Nasty Social Engineering Team

It seems like hackers find a new vulnerability every week, challenging enterprise security teams to find fixes. But the bad guys also recycle not-so-golden oldies, as seen in recent email phishing schemes involving a nasty piece of malware called Dridex.

Earl Carter and Armin Pelkmann, researchers from Cisco’s Talos Security Intelligence and Research Group, over the past two weeks noted a spate of phishing emails attempting to leverage Dridex, all of which utilized Microsoft Office macros. Using macros as an attack vector is so 1998, Carter told eSecurity Planet, largely because most enterprises follow the security best practice of disabling macros by default.

Because of this, “users forgot how dangerous macros could be,” Carter said.

Social Engineering Twist
Attackers now try to trick users into enabling macros through social engineering. In a blog post, Carter and Pelkmann wrote about three email campaigns that took place late last week, two of which lasted just a few hours. Each included a malicious attachment carrying macros; a user who opened the file and agreed to enable them would be exposed to attack. Despite the brief time windows, Carter said Talos' sensors detected very large volumes of malicious messages, which suggests the Dridex network of infected systems sending spam is quite large.
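A mail-gateway triage check in the spirit of the advice above, added here as an example and not code from the eSecurity Planet article or from Talos: it flags Office attachments that carry a VBA project so they can be quarantined before any user is asked to enable macros. The sample documents are constructed inline, and the content-type list is an assumed minimal set covering Word, Excel and PowerPoint.

```python
import io
import zipfile

# OOXML content types Office assigns to macro-enabled main parts
# (assumed minimal list: Word, Excel, PowerPoint).
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
# Header of the legacy binary (pre-2007) .doc/.xls/.ppt container.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'clean' or 'not-office' for one attachment."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry VBA too; without an OLE parser we
        # can only route them for closer inspection.
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The VBA project is always stored as a vbaProject.bin part.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if any(ct in ctypes for ct in MACRO_CONTENT_TYPES):
                    return "macro"
                return "clean"
    except zipfile.BadZipFile:
        pass
    return "not-office"


def build_sample(macro: bool) -> bytes:
    """Constructed minimal OOXML-style zip for testing; not a real Word file."""
    plain = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    ct = MACRO_CONTENT_TYPES[0] if macro else plain
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{ct}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # constructed stand-in
    return buf.getvalue()
```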

Read the Full Article: Source – eSecurity Planet
