Network Monitoring News - Jan 2017

W2's
The IRS is warning of a new series of phishing attacks targeting your finance, payroll and human resource departments. Some versions of this scam are requesting wire transfers as well. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.

Here's how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).

Malware being less suspicious
For the last year malware writers were using javascript files to distribute malware. Attackers have recently switched to less suspicious attachment types, most notably .LNK and .SVG files. LNK files are files for shortcuts or links to executable files. In this instance, ransomware/malware files.

SVG files are image files. Unfortunately this file format is allowed to contain javascript which of course means executable content is only an image preview away.

Those that have ContentCatcher are already protected with FileWall. The ContentCatcher team has added .lnk and .svg attachments hidden within zip files to the default drop list for your protection.

IOT
The Internet of Things is gaining ground. Many items purchased today have the ability to connect to the internet. Sadly, most of them have very little in terms of security but this is slowly changing. Now, we face something entirely different, privacy concerns. Recently police were trying to access records of an Amazon echo device to help solve a crime. In this particular case, an IOT water heater was also used to compile evidence based on how much water was used with the prosecutor saying, it was enough to wash away evidence. Thinking of business and IOT devices, it is extremely important to make sure these types of devices are protected. Attackers are gaining access and using the information found within to gain a stronger foothold, phish users or whatever else they have yet to think of for financial gain.