Summary
UPDATE: 12 January 2022
Researchers recently disclosed a file, “Omicron Stats.exe”, that appears to be a variant of the Redline Stealer malware.
Further details, including indicators of compromise (IoCs), are available in the Fortinet blog post listed in the References section below.
Users should be aware of this file, which may arrive as an attachment to phishing emails or campaigns themed around the COVID-19 Omicron variant.
Original Content
People continue to have high awareness of COVID-19 and are often interested in news related to COVID-19, vaccines, and new variants. Any development in the spread of COVID-19, or the fight against it, tends to receive strong user attention.
News about the emerging Omicron variant has once again increased user attention to COVID-19 developments.
Analysis
News about the Omicron variant is still developing. Coverage of Omicron, officially labelled B.1.1.529 by the World Health Organization, varies greatly depending on the news or social media site. Research into the variant is ongoing and has yet to determine whether it is more contagious, whether it causes more severe disease, and how effective current vaccines are against it.
But with emerging news comes higher user interest, and that increased interest is something hostile threat actors are likely to take advantage of by including alleged Omicron updates in phishing emails. Attackers commonly use current news as subject lines in phishing emails, and historically COVID-19 has proven no exception. Any additional news regarding the Omicron variant is likely to encourage attackers to send a new round of phishing emails, all designed to entice readers to click a fraudulent or malicious link to learn about a supposed new COVID-19 development.
Users should expect to see phishing emails alleging to contain news about Omicron. These are likely to include some form of sensationalism to increase the chances of getting a user reaction. Based on previous COVID-19 phishing lures, users and organizations should expect to receive phishing emails with subject lines similar to (but not limited to) the following:
- Subject: Omicron variant most deadly yet
- Subject: Omicron in your area
- Subject: Order your PCR test for Omicron
- Subject: Your vaccine appointment
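The lure subjects above and the executable attachment named in the update can be turned into a simple mail-triage heuristic. The following Python is an added example, not code from the original advisory or from any vendor product; the keyword lists, score weights, thresholds and sample messages are all constructed here for illustration, and a real deployment would tune them against its own mail flow.

```python
"""Heuristic triage of inbound mail for COVID-19 / Omicron phishing lures.

Added example for this advisory. All term lists, weights, thresholds and
sample messages are constructed assumptions, not vendor detection logic.
"""
import re
from dataclasses import dataclass, field

# Topic terms drawn from the lure subjects listed in the advisory.
TOPIC_TERMS = ("omicron", "covid", "variant", "pcr test", "vaccine")
# Pressure / sensational cues that tend to accompany such lures (constructed).
URGENCY_TERMS = ("deadly", "in your area", "urgent", "order your",
                 "immediately", "act now")
# Attachment extensions that should not arrive directly in mail (constructed).
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta",
                    ".iso", ".lnk")
# "report.pdf.exe" style double extensions hiding an executable.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(exe|scr|js|vbs|bat|cmd|hta)$")


@dataclass
class Message:
    subject: str
    sender: str
    attachments: list = field(default_factory=list)


def score_message(msg):
    """Return (score, reasons) for one message; higher means more suspicious."""
    score, reasons = 0, []
    subject = msg.subject.lower()

    if any(term in subject for term in TOPIC_TERMS):
        score += 2
        reasons.append("COVID/Omicron topic in subject")
    if any(term in subject for term in URGENCY_TERMS):
        score += 1
        reasons.append("urgency or sensational wording in subject")

    for name in msg.attachments:
        lower = name.lower()
        if lower.endswith(RISKY_EXTENSIONS):
            score += 4
            reasons.append(f"executable attachment: {name}")
        if DOUBLE_EXT.search(lower):
            score += 2
            reasons.append(f"double extension on attachment: {name}")
    return score, reasons


def classify(msg, quarantine_at=5, review_at=2):
    """Map a score to a verdict. Topical but otherwise clean mail is only
    flagged for review, so legitimate vaccine notices are not blocked."""
    score, _ = score_message(msg)
    if score >= quarantine_at:
        return "quarantine"
    if score >= review_at:
        return "review"
    return "deliver"


# Constructed sample messages: the first and last use the advisory's lure
# subjects and the attachment name from the 12 January 2022 update.
SAMPLE_MESSAGES = [
    Message("Omicron variant most deadly yet", "alerts@news-update.test",
            ["Omicron Stats.exe"]),
    Message("Your vaccine appointment", "clinic@health.example", []),
    Message("Quarterly budget", "finance@corp.example", ["budget.xlsx"]),
    Message("Order your PCR test for Omicron", "lab@pcr-order.test",
            ["Results.pdf.exe"]),
]


def run_samples(messages=SAMPLE_MESSAGES):
    """Return [(subject, score, verdict)] for each sample message."""
    return [(m.subject, score_message(m)[0], classify(m)) for m in messages]


if __name__ == "__main__":
    for subject, score, verdict in run_samples():
        print(f"{verdict:10} score={score:2}  {subject}")
```

The scoring deliberately weights a direct executable attachment far above subject wording: the subject lines are what make a lure attractive, but the attachment (or link) is what causes harm, so a topical message with no payload lands in a review queue rather than being dropped.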
Potential impact
Phishing attacks are designed to entice users to click through to the attacker’s hostile sites and/or download malware. Depending on the malware, the impact of a successful phishing attack could include compromise and full control of the user’s system and all other accessible systems in the user’s corporate environment. Phishing attacks are often the first step of attacks, leading to the installation of remote access malware and ransomware.
Recommendations
Safeguards against a successful phishing attack include the following (links are listed in the References section below):
- Microsoft’s guide to configuring recommended settings in Microsoft Defender for Office 365,
- Applying anti-phishing Safe Links policies, and
- Applying Safe Attachments policies.
Instituting these policies provides real-time protection by scanning emails for malicious links and attachments as they are delivered and opened. Organizations can further strengthen their defences with Microsoft 365 Defender, which correlates signals from email, endpoints, and other domains.
References
https://www.cnn.com/2021/11/26/health/omicron-variant-what-we-know/index.html
https://www.cisa.gov/sites/default/files/publications/CISAInsights-Cyber-EnhanceEmailandWebSecurity_S508C.pdf
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-safe-links-policies?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-safe-attachments-policies?view=o365-worldwide
https://www.microsoft.com/en-us/security/business/threat-protection/microsoft-365-defender
https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer