Microsoft, Malware and Google URLs

A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.

Microsoft has warned organizations of a new attack campaign that uses legitimate website contact forms to deliver malicious links to businesses via emails containing fake legal threats.

Websites typically have contact forms to give visitors a means of communicating with site owners. In this campaign, Microsoft noticed attackers targeting businesses by abusing their corporate contact forms. Analysts believe the influx of emails stemming from contact forms indicates the attackers may have automated the process by bypassing CAPTCHA protections.

Each contact form submission results in a malicious email landing in the recipient's mailbox. The email looks legitimate because it arrives through the same email marketing system that delivers messages and questions from other website visitors. The attackers' message uses urgent language ("download it right now and check this out for yourself") to push the recipient to act quickly.

The message includes a legitimate Google URL. If clicked, it takes the reader to a Google-hosted page that prompts for sign-in with Google credentials. Once the user signs in, a malicious ZIP archive is downloaded automatically, and its contents in turn fetch the IcedID payload.
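Two of the signals Microsoft describes are measurable on the receiving side: a burst of form submissions that suggests automation, and message bodies that combine a legal threat, urgency wording, and a Google-hosted link. The script below is an added illustration, not code from Microsoft's writeup, that runs those checks over a few constructed contact-form submissions. The record fields (timestamp, source IP, sender address, body), the keyword lists, the burst window and threshold, and the treatment of any `google.com` subdomain as "Google-hosted" are all assumptions made for the example; tune them to your own form logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample contact-form submissions (not real data). Field names are an
# assumption; map them onto whatever your form backend actually logs.
SUBMISSIONS = [
    {"ts": "2021-04-09T10:00:01", "ip": "203.0.113.7", "email": "legal@photo-agency.test",
     "body": "You are using our copyrighted images without consent. Download the evidence "
             "right now and check this out for yourself: https://sites.google.com/view/a1b2"},
    {"ts": "2021-04-09T10:01:00", "ip": "198.51.100.4", "email": "pat@customer.test",
     "body": "Hi, do you ship to Canada? Thanks."},
    {"ts": "2021-04-09T10:01:30", "ip": "203.0.113.7", "email": "legal@photo-agency.test",
     "body": "Final notice: illustrations used without my consent, legal action to follow. "
             "Proof here, check this out for yourself: https://sites.google.com/view/c3d4"},
    {"ts": "2021-04-09T10:02:10", "ip": "198.51.100.9", "email": "sam@partner.test",
     "body": "Here is the proposal we discussed: https://docs.google.com/document/d/xyz"},
    {"ts": "2021-04-09T10:02:45", "ip": "203.0.113.7", "email": "legal@photo-agency.test",
     "body": "Attorney will file a lawsuit. Download it right now: "
             "https://sites.google.com/view/e5f6"},
]

# Keyword heuristics (assumed); the "scare tactic" in this campaign is an image
# copyright claim, and the urgency phrase is quoted in Microsoft's description.
LEGAL_THREAT = re.compile(
    r"\b(copyright\w*|without (?:\w+ )?consent|lawsuit|legal action|attorney|dmca)\b", re.I)
URGENCY = re.compile(r"\b(right now|immediately|check this out for yourself)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def google_hosted_urls(body):
    """Return URLs whose host is google.com or a subdomain of it.
    Suffix-matching on the parsed hostname avoids the classic
    'google.com.evil.test' lookalike slipping through a substring check."""
    hits = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host == "google.com" or host.endswith(".google.com"):
            hits.append(url)
    return hits


def score_submission(sub):
    """List the suspicious traits present in one submission."""
    body = sub["body"]
    reasons = []
    if google_hosted_urls(body):
        reasons.append("google_hosted_url")
    if LEGAL_THREAT.search(body):
        reasons.append("legal_threat")
    if URGENCY.search(body):
        reasons.append("urgency")
    return reasons


def flag_submissions(subs, min_reasons=2):
    """Flag submissions that combine at least `min_reasons` traits. A lone Google
    Docs link from a partner is normal traffic and should not be flagged."""
    return [s for s in subs if len(score_submission(s)) >= min_reasons]


def burst_sources(subs, window=timedelta(minutes=5), threshold=3):
    """Map source IP -> max number of submissions seen inside any sliding `window`,
    for IPs reaching `threshold`. A human visitor rarely submits a contact form
    three times in five minutes; a CAPTCHA-bypassing bot does."""
    by_ip = defaultdict(list)
    for s in subs:
        by_ip[s["ip"]].append(datetime.fromisoformat(s["ts"]))
    bursty = {}
    for ip, times in by_ip.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursty[ip] = best
    return bursty


if __name__ == "__main__":
    for s in flag_submissions(SUBMISSIONS):
        print(s["ts"], s["ip"], score_submission(s))
    print("bursty sources:", burst_sources(SUBMISSIONS))
```

On the constructed data this flags the three legal-threat messages from 203.0.113.7 and reports that IP as a burst source, while the shipping question and the partner's Google Docs link pass. Because the lure arrives through your own form backend, these checks belong in that backend or its outbound mail pipeline, where the raw submission and source IP are still available, rather than in the recipient's mail client.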

When launched, IcedID connects to a command-and-control server to download modules that conduct functions like exfiltrating banking credentials and other data. It achieves persistence and downloads additional tools that let remote attackers pursue other malicious actions on a target system, including credential theft, lateral movement, and delivery of additional payloads.

"While this specific campaign delivers the IcedID malware, the delivery method can be used to distribute a wide range of other malware, which can in turn introduce other threats to the enterprise," Microsoft notes in its writeup of the findings. Because the campaign takes advantage of legitimate Google URLs, Microsoft has alerted Google to it.

This campaign is successful for a number of reasons, Microsoft notes. It uses legitimate contact forms and delivers a message that a recipient would want to learn more about. The legal threat is a "scare tactic," claiming the recipient used images or illustrations without consent. Because everything else about the transaction seems genuine, a recipient may be more likely to trust it.

Posted by Jason Smith at 10:41 AM