Before the May holidays, a new wave of hacker attacks began on Russian companies. Under the guise of letters from partner companies that make pre-trial claims and demand repayment of certain debts, enterprises receive malicious programs by mail.
According to Kaspersky Lab, whose specialists have discovered more than 500 such cases, the letters differ in content and legends, but the demand for money and intimidation with court and other problems for the addressee is invariably present.
The attachment contains a .doc file; if a person downloads and opens it, another malicious file in RTF format is automatically downloaded. Then a chain of downloads is launched, as a result of which Cobalt Strike penetrates the device. Initially, software with this name is a legitimate tool used for penetration testing, but it can also be used by attackers to carry out targeted cyberattacks in order to penetrate the organization's infrastructure.
Cybersecurity experts advise Russian companies to install a professional protection solution that will automatically send such letters to spam. It is also recommended to provide employees of the cybersecurity department with timely access to the latest information about the latest tactics, techniques and procedures used by fraudsters, in particular through Threat Intelligence services.
Finally, ordinary employees need cybersecurity training and training to distinguish social engineering technologies and resist them. Then fraudsters will not be able to manipulate them and force them to perform actions that will help to infiltrate the enterprise system from the outside.
Read materials on the topic:
Owners of smart sex toys in Russia became victims of hackers
Roskomnadzor has opened the hunting season for fraudsters in messengers
False police officers and false employees of "Gosuslugi" - a new telephone fraud scheme in Russia
