Malware stalking the Legal Industry and bad news from Cisco
That’s right, for one week only we bring you two threats for the price of one (free). It would be churlish of us not to mention both.
There appears to be a new piece of Malware being targeted at the Legal industry. We have seen this at a customer of ours this week.
The Malware, which appears to be reconnaissance, examining files on the file system and sending a file list back to HQ (seemingly Russian), is being delivered via an email purporting to come from a trusted third party. It looks like this:
From: Gail Walker [mailto:email@example.com]
Sent: 11 February 2015 09:57
To: User name
Subject: Outstanding Invoice 271741
Payment for your Season Ticket was due by 31 January 2015 and has not yet been received. A copy of the invoice is attached. <------Guess what this is? By way of a reminder, the Season Ticket entitles all members of your organisation to save up to 50% on our public seminars and webinars. Since being a Season Ticket Holder your organisation has saved £728.50. Please arrange for payment by return by BACS, cheque, or credit card. If payment has been arranged and just not reached us yet then please ignore this email. If you have any queries, please do not hesitate to contact us. It appears that most AV vendors have patched their signatures, please make sure you are up to date and be vigilant, especially if you are in Legal. ITC has analysed the Malware and has a list of command and control (C2) servers to which it communicates. These have been uploaded into the NetSure360° Managed security platform. If you are not a managed services customer and would like the C2 list, please contact us. In other news Cisco made a rather chilling announcement this week. 13 separate vulnerabilities on the ASA platform that MUST be patched to avoid your business being vulnerable to attack from the outside. The vulnerabilities comprise both denial of service (DOS) and total compromise of the affected system. The announcement is here: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa If you use Cisco ASA devices and are a NetSure360° managed services customer, we will be contacting you and arranging to patch your devices under change control. If you are not a NetSure360° customer, please patch your systems and if you need any assistance, please contact us at: firstname.lastname@example.org or call 020 7517 3900 As these vulnerabilities and attacks come thick and fast we recommend that you identify your crown jewels and plan for an incident before it happens, build use cases to identify likely incidents and rehearse your response, while you can. If you want to discuss this with one of our security consultants, please feel free to contact us at the address above.