Cybersecurity attacks are escalating and becoming more sophisticated. The latest attack is a wide-scale malicious email campaign operated by NOBELIUM, the same threat actor behind the SolarWinds attack. The email attack leverages a legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization and spread malicious URLs.
Tom Burt, the vice president of customer security and trust at Microsoft, explained how the Native Zone malware was inserted into victims’ computers:
“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call Native Zone. This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network.”
It is more critical than ever to make sure your systems are secure and your employees fully understand the impact of opening and clicking on phishing emails. Bad actors find it easiest to infiltrate systems through email. Risks can be reduced by:
- Complementing email security technology with user awareness training specifically to educate users on Business Email Compromise (BEC) phishing. BEC attacks are designed to impersonate senior executives and trick employees, customers, or vendors into wiring payment for goods or services to alternate bank accounts.
- Implementing standard operating procedures to authenticate email requests for financial or data transactions, and moving other high-risk ad hoc transactions from email to more authenticated systems.
- Upgrading secure email gateway solutions to include advanced phishing protection, imposter detection, and internal email protection.
- Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) to authenticate email domains and minimize the opportunity for domain abuse.
- Implementing multifactor authentication to protect against account takeover.
To avoid becoming the next victim of a cybersecurity attack resulting in substantial financial loss and, more importantly, damage to your reputation, reach out to Dewpoint to discover vulnerabilities in your organization. More information on the specific attack announced by Microsoft can be found on the US Government website, in the CISA alert “Microsoft Announces New Campaign from NOBELIUM.”
For small and medium-sized defense contractors or public entities within the State of Michigan, Dewpoint is proud to be a pre-approved vendor under both the Michigan Defense Center Cybersecurity Program and the State of Michigan Cybersecurity program, respectively.