Advisory

ADVISORY ON EMOTET ATTACK AGAINST ORGANIZATION

BACKGROUND

Emotet started as a banking trojan in 2014 and has recently returned as a more dangerous malware targeting local government agencies. It acts as a downloader/dropper to deliver trojans and malicious code to infect devices. Emotet typically spreads through phishing emails or spam that contain Microsoft Word attachments or links, along with zip files intended to bypass security filters (i.e. antivirus), and that lure victims into clicking the link or file.

 
IMPACT

ADVISORY ON PHISHING WITH WORMS-EMAIL ACCOUNT TAKEOVER

BACKGROUND

The latest phishing attack has caused a wave of business email account takeovers.

Once an email account is compromised, the account credentials are sent to a remote bot, which then signs in to the account and analyses recent emails. For each unique email thread, it replies to the most recent email with a link to a phishing page that captures credentials. Because the phishing emails are sent as replies to genuine emails between suppliers, customers, and colleagues, they appear trustworthy.

ADVISORY ON PHONE SCAM

BACKGROUND
 
BruCERT has recently received a number of complaints from the public regarding phone scammers impersonating legitimate banks. The scammers contact victims through unofficial channels, such as apps like WhatsApp or Viber, usually calling from an international number. They claim to be calling to check all customers’ cards and pressure the victim to reveal personal and financial information.


IMPACT

Fake Technical Support And Scareware

Background

A technical support scam is a form of fraud that uses social engineering and fear tactics to fool victims into divulging useful and confidential information or paying for unnecessary support services because of alleged technical errors or software problems.

There are 2 common methods of tech support scams: via a phone call and scareware.

Phone call

RDP Brute Force Attacks

BACKGROUND
    
One way for employees to access corporate devices is by using Remote Desktop Protocol (RDP). Remote Desktop is a remote management tool which allows you to connect to any computer and take over the desktop. It is as if you were sitting in front of your own computer, only remotely. It is heavily used, especially during this pandemic, by those who have moved to working from home. If poorly configured, it might be vulnerable to attacks.


IMPACT

"Hover With Power" Attack Via PowerPoint Files

Background:

A novel hack called “Hover with Power” allows an attacker to create a mouse-over in a PowerPoint file which triggers the download of malware when a user hovers over a link in the presentation. Utilizing an element of social engineering, the attack then requires the user to accept a pop-up dialogue box to run or install the program. The executable file can also be run from a remote server by using the ‘HyperLink To’ action. This attack affects .ppsx files, which are designed to play presentations and can’t be edited.

Impact:

Staying Cyber Safe When Working From Home

Background

With the ongoing COVID-19 outbreak and in view of Brunei's Ministry of Health advisory to implement social distancing measures, many organizations are encouraging or requiring staff to work from home for an indeterminate amount of time.

However, remote working creates additional opportunities for cyber threat actors to perform malicious cyber activities by exploring open vulnerabilities in less secured networks, thus gaining access to users’ data or the organization's network.