June 2, 2021
Cybersecurity attacks are escalating and becoming more sophisticated. The latest attack is a wide-scale malicious email campaign operated by NOBELIUM, the same threat actor behind the SolarWinds attack. The email attack is leveraging a legitimate mass-mailing service, Constant Contact, to masquerading as a US-based development organization, spreading malicious URLs.
Tom Burt, the vice president of customer security and trust from Microsoft, explained how the Native Zone malware was inserted into victim’s computers:
“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call Native Zone. This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network”.
It is more critical than ever to make sure your systems are secure and your employees fully understand the impact of opening and clicking on phishing emails. Bad Actors find it easiest to infiltrate systems through email. Risks can be reduced by:
To avoid becoming the next victim of a cybersecurity attack resulting in substantial financial loss and, more importantly, damage to your reputation, reach out to Dewpoint to discover vulnerabilities in your organization. More information on the specific Microsoft targeted attack can be found on the US Government website Microsoft Announces New Campaign from NOBELIUM | CISA.
For small and medium-sized defense contractors or public entities within the State of Michigan, Dewpoint is proud to be a pre-approved vendor under both the Michigan Defense Center Cybersecurity Program and the State of Michigan Cybersecurity program, respectively.