Threat Intel Digest
COVID-19 and Phishing
Every holiday and event seems to come with phishing emails. COVID-19 is not just a regular event, but a global pandemic. Yes, the World Health Organization has officially declared COVID-19 a pandemic.
COVID-19 has set off a domino effect, shaking the global economy, global politics, and almost every aspect of human life. On the digital security side, bad actors are using it to cause more pain, distributing phishing campaigns that infect already suffering users. The attackers send emails that appear to come from HR about travel and health guidance, emails that appear to come from vendors about mask and hand sanitizer sales, or emails about other topics related to COVID-19. Some emails contain a malicious document that opens a back door on the user’s computer, or a malicious Microsoft Word document that downloads and installs malware on the unsuspecting user’s computer. Also, most of the phishing emails in the wild contain a suspicious link that can lead users to more threats.
Ryuk Ransomware and Networking
The main goal of ransomware is to encrypt files on a computer system. Once a machine is infected, the ransomware traverses the computer’s file system to encrypt files. Most ransomware encrypts only files from a specific list of file types, which allows the operating system to continue working.
Ryuk ransomware encrypts specific types of files to keep the infected machine working. It uses techniques common to other malware, such as code injection and termination of processes that may interfere with its execution. It also prevents the operating system from restoring some of the files by deleting shadow copies. To optimize the infection, Ryuk looks to infect machines that are connected to the network. Uniquely, this ransomware uses the Wake-on-LAN feature of networked devices to turn on connected devices that are not active. Once Ryuk infects a machine connected to a network, the rest of the computers within the network are susceptible to its attack.
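
A defender can watch for the Wake-on-LAN behavior described above by flagging any host that sends wake packets to many machines in a short time. The following is an added example, not code from the original digest: it recognizes the standard magic packet layout (six 0xFF bytes followed by the target MAC repeated 16 times) in captured UDP payloads. The function names, the 60-second window, the five-target threshold, and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # a magic packet opens with six 0xFF bytes

def wol_target(payload: bytes):
    """Return the target MAC if payload carries a Wake-on-LAN magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # The sync bytes must be followed by the target MAC repeated 16 times.
        if len(mac) == 6 and mac != SYNC and payload[start + 6:start + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None

def wake_sweeps(packets, window=60.0, min_targets=5):
    """Flag sources that wake >= min_targets distinct MACs within `window` seconds.

    packets: iterable of (timestamp_seconds, source_ip, udp_payload).
    Returns {source_ip: sorted list of every MAC that source tried to wake}.
    """
    seen = defaultdict(list)
    for ts, src, payload in packets:
        mac = wol_target(payload)
        if mac:
            seen[src].append((ts, mac))
    alerts = {}
    for src, events in seen.items():
        events.sort()
        lo = 0
        for hi, (ts, _) in enumerate(events):
            while ts - events[lo][0] > window:
                lo += 1
            if len({m for _, m in events[lo:hi + 1]}) >= min_targets:
                alerts[src] = sorted({m for _, m in events})
                break
    return alerts

def magic_packet(mac_hex: str) -> bytes:
    """Build a magic packet payload for the constructed sample data below."""
    return SYNC + bytes.fromhex(mac_hex) * 16

# Constructed sample: one host wakes six machines in 12 s, another wakes one.
SAMPLE_PACKETS = (
    [(2.0 * i, "10.0.0.23", magic_packet(f"0200000000{i:02x}")) for i in range(1, 7)]
    + [(3.0, "10.0.0.5", magic_packet("0200000000aa")),
       (4.0, "10.0.0.23", SYNC + b"not a magic packet")]
)

if __name__ == "__main__":
    for src, macs in wake_sweeps(SAMPLE_PACKETS).items():
        print(f"ALERT {src} sent wake packets to {len(macs)} hosts: {macs}")
```

A single wake packet from an administration host is normal; the signal is one source waking many distinct MAC addresses in quick succession, so tune the window and threshold to the environment.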
It is Just a Trick
Macro viruses are text-based malware. They are executable scripts commonly embedded in Microsoft Word documents. Mostly, they run whenever you open the document.