Highlights:

On March 2, Microsoft said there were vulnerabilities in its Exchange Server mail and calendar software for corporate and government data centers. The vulnerabilities go back 10 years and have been exploited by Chinese hackers since at least January.

Source: Barracuda Threat Spotlight: Vaccine-Related Phishing

Brand Impersonation

Vaccine-related phishing emails impersonated a well-known brand or organization and included a link to a phishing website advertising early access to vaccines, offering vaccinations in exchange for a payment, or even impersonating health care professionals requesting personal information to check eligibility for a vaccine.

 


Business Email Compromise

Business Email Compromise, or BEC, is a common attack technique in which attackers impersonate individuals within an organization. Recently, these highly targeted attacks have turned to vaccine-related topics. Examples include impersonating an employee who needs an urgent favor while getting a vaccine, or an HR specialist advising that the organization has secured vaccines for its employees.
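The impersonation pattern described above leaves traces in the message headers that a mail filter can check. The following is an added example, not code from Barracuda or Partek: it flags a message when a colleague's display name arrives on an outside address or replies are diverted to another domain, and the text carries a vaccine or urgency lure. The domain, employee names, keyword list and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                # assumption: the organization's mail domain
EMPLOYEES = {"dana wright", "sam okoye"}  # assumption: display names from the directory
LURE = re.compile(r"\b(vaccin\w*|covid[- ]?19|urgent|favou?r|wire transfer)\b", re.I)

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def bec_signals(raw):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # A colleague's display name on an address outside the organization.
    if name.strip().lower() in EMPLOYEES and domain(addr) != ORG_DOMAIN:
        signals.append("internal-name-external-address")
    # Replies diverted to a different domain than the visible sender's.
    if reply_to and domain(reply_to) != domain(addr):
        signals.append("reply-to-domain-mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    if LURE.search(f"{msg.get('Subject', '')}\n{body}"):
        signals.append("lure-keywords")
    return signals

def is_suspicious(raw):
    """Lure wording alone is common in legitimate mail, so also require
    an identity mismatch before flagging the message."""
    found = bec_signals(raw)
    return "lure-keywords" in found and len(found) > 1

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Dana Wright <dana.wright@example.net>\n"
    "Reply-To: dana.wright@example.org\n"
    "Subject: Quick favor while I get my vaccine\n\n"
    "Are you at your desk? I need this handled before I am back.\n"
)
LEGIT = (
    "From: Dana Wright <dana.wright@example.com>\n"
    "Subject: Vaccine clinic schedule\n\n"
    "The on-site clinic runs Tuesday. Sign up on the intranet.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, is_suspicious(raw), bec_signals(raw))
```

A check like this only covers external look-alike senders; mail sent from a genuinely compromised internal account passes it, which is why account-takeover protection is listed separately below.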


Protecting Your Organization Against Vaccine-Related Phishing Emails

  1. Be skeptical of any and all vaccine-related emails: Be vigilant for any emails related to a vaccine. Some email scams include offers to get the COVID-19 vaccine early, join a vaccine waiting list, and have the vaccine shipped directly to you. Don’t click on links or open attachments in these emails, as they are typically malicious.
  2. Take advantage of technology designed to protect you against these attacks: Attackers are constantly adapting their tactics to bypass gateways and spam filters, so it’s critical to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover.
  3. Ensure you have account-takeover protection deployed: Don’t just focus on external email messages. Some of the most devastating and successful spear-phishing attacks originate from compromised internal email accounts. Be sure scammers aren’t using your organization as a base camp to launch these attacks. Deploy technology that uses artificial intelligence to recognize when accounts have been compromised and that remediates in real time by alerting users and removing malicious emails sent from compromised accounts. Ask your IT provider if the solution you are using has this capability.
  4. Train employees to recognize and report attacks: Educate your end users about spear-phishing attacks. Provide employees with up-to-date user awareness training about vaccine-related phishing, seasonal scams, and other potential threats. Ensure your staff can recognize the latest attacks and know how to report them to management or IT right away. Finally, test the effectiveness of your training, and evaluate the most vulnerable users.
  5. Create strong internal policies to prevent fraud: Businesses of any size should establish and regularly review policies on their IT security, to ensure that personal and financial information is handled properly. Help employees avoid making costly mistakes by creating guidelines and putting procedures in place to confirm all email requests for wire transfers and payment changes. Require in-person or telephone confirmation and/or approval from multiple people for all financial transactions.

If you have any concerns about your email security, please contact Partek for a zero-commitment audit on your IT infrastructure.