Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
June 9, 2021Rewterz Threat Advisory – Patch Tuesdays – Microsoft Patches 6 Zero-Days Under Active Attack
June 9, 2021Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
June 9, 2021Rewterz Threat Advisory – Patch Tuesdays – Microsoft Patches 6 Zero-Days Under Active Attack
June 9, 2021Severity
High
Analysis Summary
Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The malicious URLs largely do one or more of the same three things: Download malware; send users to a bogus dating site to trick victims into entering payment data; or track users for a follow-up attack, which the report said is likely to involve blackmail. Scammers use a tactic called email pass-through to track their victims.
Impact
- Unauthorized Remote Access
- Data Exfiltration
- Financial loss
- Credential theft
Remediation
- Always be suspicious while answering or opening from unknown sources or suspicious senders.
- The psychological triggers or social engineering tactics used by attackers should be taught to every employee.
- Do not download files attached in untrusted emails.
- Do not click on URLs given in untrusted emails.