Earlier this week, Microsoft Security Intelligence tweeted that somehow a remote access Trojan (RAT) campaign was being tracked by them which was aimed at the aerospace and travel sectors by emailing spear-phishes that spreads an actively created loader and then deliver RevengeRAT or AysncRAT.
In the context of the exchange of tweets, it was pointed out that attackers use the RATs for theft of data, follow-up operation, and additional payloads, such as Agent Tesla. The loader is being developed and named Morphisec's Snip3.
These campaigns are not surprising particularly when everyone leaves the lockdown and the people travel again making the travel and tourism industry rich, stated Netenrich's chief information security officer Chris Morales.
“The level of targeting is also a reason why it’s so hard to detect attacks,” Morales added. “They change and are tailored. SecOps has to align to with threats targeting their organizations specifically and not look for generic threats.”
New Net Technologies, vice president for security studies, Dirk Schrader, stated that he intends to see sectoral spear-phishing campaigns as everyone emerges from the pandemic. “Using familiar language and terminology can help in the effectiveness of a targeted campaign,” Schrader said. “It’s not shocking that attackers are targeting the transport sector as the sector is about to come back to life. Therefore, a well-crafted campaign addressing this situation is even better.”
Roger Grimes, KnowBe4 Data-Driven Defense evangelist, adds that when attackers enter one industry company, they could read their emails and use this freshly infiltrated spot known as "cyber haven" to target their partners.
The mails come from individuals who use the email topic threads in which they are involved and email addresses the new victims' trust. There would be a much higher risk of the new victims falling into fraud when the request to click on the connection or to open a document arrives suddenly. This is the reason why the staff has to understand that phishing emails will come through people they know and trust and also that depending on an email address is not sufficient whether or not the employees recognize it.
Grimes said security awareness training should educate users on the following features to beware of e-mails, which invites users to do something completely foreign. Also, emails that arrive unexpectedly and the behavior can be detrimental to their own best interest or their organization.
“If any two of those traits are present, the recipient should slow down, stop, think and verify the request another way, like calling the person on a predefined phone number,” Grimes added.
