Before the May holidays, a new wave of hacker attacks began on Russian companies. Under the guise of letters from partner companies that make pre-trial claims and demand repayment of certain debts, enterprises receive malicious programs by mail.
According to Kaspersky Lab, whose specialists have discovered more than 500 such cases, the letters differ in content and legends, but the demand for money and intimidation with court and other problems for the addressee is invariable.
The attachment contains a .doc file; if a person downloads and opens it, another malicious file in RTF format is automatically downloaded. Then a chain of downloads is launched, as a result of which Cobalt Strike penetrates the device. Initially, software with this name is a legitimate tool that is used to conduct penetration tests, but it can also be used by attackers to carry out targeted cyberattacks in order to penetrate the organization's infrastructure.
Cybersecurity experts advise Russian companies to install a professional protection solution that will automatically send such letters to spam. It is also recommended to provide employees of the cybersecurity department with timely access to the latest information on the latest tactics, techniques and procedures used by fraudsters, in particular, through Threat Intelligence services.
Finally, ordinary employees need training in cybersecurity and learning to distinguish social engineering technologies and resist them. Then, fraudsters will not be able to manipulate them and force them to perform actions that will help to infiltrate the enterprise system from the outside.
Read materials on the topic:
Owners of smart sex toys in Russia became victims of hackers
Roskomnadzor opens the hunting season for fraudsters in messengers
Fake police officers and fake employees of "Gosuslugi" - a new telephone fraud scheme in Russia
