Hundreds of organisations in a variety of sectors have been receiving what appear to be legitimate procurement and accounting letters. However, the emails contain malicious attachments and attempt to trick the recipients into giving away confidential corporate data that can be used for criminal financial gain.
This is a new wave of financial spear-phishing emails identified by Kaspersky Lab researchers, affecting about 800 employees in more than 400 industrial organisations. The companies affected have been mainly based in Russia and in sectors ranging from oil and gas, to metallurgy, energy, construction, and logistics.
Targeted, personal emails
The letters were carefully written and targeted to include the recipient's name and personal details as well as information pertinent to each company. Kaspersky's report said: “The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee – the recipient of the letter.”
Malware downloaded from the email attachments modifies the company's legitimate software, enabling criminals to connect to the computer and access documents and software related to procurement, financial and accounting operations. The criminals could then commit financial fraud, for example by changing the payment details (requisites) in payment bills. They could also obtain administrator rights or steal user authentication data by uploading additional sets of malware, prepared individually for an attack on each victim. According to Kaspersky, this included spyware; additional remote administration tools that extend the attackers' control over infected systems; malware that exploits vulnerabilities in the operating system; and the Mimikatz tool, which allows users to obtain data from Windows accounts.
What should you do?
Kaspersky Lab issued this advice for organisations:
- use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts; and
- introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks.
Kaspersky Lab's Vyacheslav Kopeytsev commented: “The attackers demonstrated a clear interest in targeting industrial companies. Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets such as financial services. That makes industrial companies a lucrative target for cybercriminals, not only in Russia, but across the world.”