Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the cybercriminals. The series of attacks started back in autumn 2017 and targeted several hundreds of company PCs in industries ranging from oil and gas, to metallurgy, energy, construction, and logistics.
In the detected wave, the criminals not only attacked industrial companies together with other organizations, they were predominantly focused on them. They sent out emails containing malicious attachments and try to lure unsuspecting victims into giving away confidential data, which they could then use to make money.
According to Kaspersky Lab data, this wave of emails targeted at around 800 employee PCs, with the goal of stealing money and confidential data from the organizations, which can then be used in new attacks. The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee - the recipient of the letter. It is noteworthy that the attackers even addressed the targeted victims by name. This suggests that the attacks were carefully prepared and that criminals took the time to develop an individual letter for each user.
When the recipient clicked on the malicious attachments, modified legitimate software was discreetly installed on the computer so that criminals could connect to it, examine documents and software related to the procurement, financial and accounting operations. Furthermore, the attackers were looking for different ways to commit financial fraud, such as changing requisites in paying bills in order to withdraw money for their benefit.
Kaspersky Lab researchers advise users to follow these key measures in order to be protected against spear-phishing attacks:
- Use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Security for Business suite. Kaspersky Security for Microsoft Office 365 helps to protect the cloud-based mail service Exchange Online inside the Microsoft Office 365 suite.
- Introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks. Kaspersky Lab customers would benefit from using the Kaspersky Security Awareness Training services.