Kaspersky Reveals Agent Tesla Targeted Email Spam Campaign


Kaspersky has uncovered an unusual spam campaign targeting businesses around the world. Posing as vendors or other companies in forged emails, the attackers tried to steal login credentials from organizations using the Agent Tesla stealer. Such stolen credentials can be offered for sale on dark web forums or used in targeted attacks against related organizations. Turkey was among the top 5 countries by number of users affected by the attack. Between May and August 2022, approximately 13 users were targeted by this theft attempt.

Cybercriminals are investing in mass spam campaigns nowadays, and the results of Kaspersky's latest research clearly confirm this. The newly uncovered spam email campaign against various organizations consisted of high-quality fake messages pretending to come from real companies. To achieve their goal, the attackers used Agent Tesla, a well-known Trojan designed to steal authentication data, take screenshots, and capture data from webcams and keyboards. The malware was distributed as a self-extracting archive attached to the email.

In one sample email, someone posing as a Malaysian prospect asks, in awkward English, that the recipient review some customer requirements and submit the requested documents. The general format follows corporate correspondence conventions: the logo of the real company and the signature with the sender's details look fine. The linguistic errors are also easily attributed to a non-native English speaker.

The only suspicious thing about the email is the sender address, newsletter@trade***.com: a "newsletter" address is normally used for mailings, not for purchases. In addition, the sender's domain name differs from the company name in the logo.

In another email, a supposed Bulgarian customer asks about the availability of certain products and offers to discuss the details of a deal. The list of requested products is said to be attached. The sender's e-mail address is suspicious: it has a Greek domain name, apparently unrelated to the company, and not even Bulgarian.

The messages come from a limited range of IP addresses, and the attached files always contain the same malware, Agent Tesla. This leads the researchers to conclude that all these messages are part of a single targeted campaign.
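The indicators described in the two sample emails above (a "newsletter" sender address on a purchase conversation, a sender domain that does not match the company in the logo, a country-code domain inconsistent with the sender's claimed country, a narrow sending IP range, and an executable attachment) can be turned into mail-triage checks. The script below is an added example, not Kaspersky's code or tooling: the two sample messages, every domain and address in them, and the watched IP range (TEST-NET-3) are constructed placeholders, and the company and country the logo and signature claim are supplied by the analyst rather than extracted from the message.

```python
"""Triage heuristics for the sender, attachment and origin indicators the
article describes. Added example, not Kaspersky's code; all domains, addresses
and IP ranges are constructed placeholders."""
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Placeholder for the "limited range of IP addresses" (the real range is not
# on the page); TEST-NET-3 keeps the example away from any live network.
WATCHED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Local parts normally used for one-way mailings, not purchase conversations.
BULK_LOCAL_PARTS = {"newsletter", "news", "noreply", "no-reply", "marketing"}
PURCHASE_WORDS = ("quotation", "quote", "order", "purchase", "requirement",
                  "invoice", "products", "availability")
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
LEGAL_SUFFIXES = {"ltd", "inc", "co", "corp", "gmbh", "sdn", "bhd", "ood", "llc"}
COUNTRY_CCTLD = {"bulgaria": "bg", "malaysia": "my", "greece": "gr", "turkey": "tr"}

# Constructed sample 1: newsletter-style sender, domain unrelated to the
# company in the signature, executable attachment.
SAMPLE_SUPPLIER_REQUEST = """\
Received: from mail.trade-example.com ([203.0.113.10]) by mx.victim.example
From: Purchasing <newsletter@trade-example.com>
Subject: Customer requirement - please review and submit documents
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Dear Sir, kindly review the attach customer requirement and submit document.
Regards, Procurement Department, Acme Industries Sdn Bhd
--sep
Content-Type: application/octet-stream; name="requirements.exe"
Content-Disposition: attachment; filename="requirements.exe"

MZ...constructed placeholder for a self-extracting archive...
--sep--
"""

# Constructed sample 2: "Bulgarian" customer writing from a Greek ccTLD.
SAMPLE_PRODUCT_ENQUIRY = """\
Received: from smtp.balkanparts-sales.gr ([203.0.113.22]) by mx.victim.example
From: Ivan Petrov <i.petrov@balkanparts-sales.gr>
Subject: Availability of products - list attached
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Please confirm availability of the attached list and send details of the deal.
Ivan Petrov, Balkan Parts OOD, Sofia
--sep
Content-Type: application/octet-stream; name="product_list.exe"
Content-Disposition: attachment; filename="product_list.exe"

MZ...constructed placeholder...
--sep--
"""


def company_tokens(name):
    """Lower-case words of a company name with legal suffixes removed."""
    return [t for t in re.findall(r"[a-z0-9]+", name.lower()) if t not in LEGAL_SUFFIXES]


def received_ips(msg):
    """Bracketed IPv4 addresses from every Received header."""
    return [ipaddress.ip_address(m.group(1))
            for hdr in msg.get_all("Received", [])
            for m in re.finditer(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hdr))]


def triage(raw, claimed_company, claimed_country=None):
    """Return the indicator strings raised for one raw RFC 5322 message.
    claimed_company/claimed_country are what the logo and signature assert."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"] or ""))
    local, _, domain = addr.lower().rpartition("@")
    subject = str(msg["Subject"] or "").lower()
    findings = []

    # 1. A bulk-mail address carrying a purchase request.
    if local in BULK_LOCAL_PARTS and any(w in subject for w in PURCHASE_WORDS):
        findings.append(f"bulk-mail local part '{local}' used for a purchase request")

    # 2. Sender domain does not contain the company named in the logo/signature.
    labels = domain.split(".")
    registrable = labels[-2] if len(labels) >= 2 else domain  # crude; ignores co.uk-style TLDs
    if not any(tok in registrable for tok in company_tokens(claimed_company)):
        findings.append(f"sender domain '{domain}' does not match claimed company '{claimed_company}'")

    # 3. ccTLD inconsistent with the country the sender claims to write from.
    expected = COUNTRY_CCTLD.get((claimed_country or "").lower())
    tld = labels[-1]
    if expected and len(tld) == 2 and tld != expected:
        findings.append(f"sender ccTLD '.{tld}' does not match claimed country {claimed_country}")

    # 4. Executable or self-extracting attachment, by extension or PE "MZ" magic.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(EXEC_EXTENSIONS) or payload.startswith(b"MZ"):
            findings.append(f"executable attachment '{name}'")

    # 5. Relayed from the watched sender range.
    findings += [f"relayed from watched range: {ip}" for ip in received_ips(msg)
                 if any(ip in net for net in WATCHED_RANGES)]
    return findings
```

Running `triage(SAMPLE_SUPPLIER_REQUEST, "Acme Industries Sdn Bhd", "Malaysia")` raises four findings (bulk-mail sender, domain mismatch, executable attachment, watched IP range), while the second sample raises three: its domain does contain the company name, so only the Greek ccTLD, the executable attachment and the sending IP are flagged. The checks are deliberately independent so that a single well-crafted header does not silence the others; the PE magic check catches an executable even when its extension has been disguised.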

To protect yourself from spam email campaigns, Kaspersky recommends:

Provide basic cybersecurity hygiene training to your staff. Run simulated phishing attacks to make sure they know how to spot phishing emails.

To reduce the possibility of infection via phishing email, use a built-in anti-phishing solution such as Kaspersky Endpoint Security for Business on endpoints and mail servers.

If you're using the Microsoft 365 cloud service, don't forget to protect it as well. Kaspersky Security for Microsoft Office 365 protects SharePoint, Teams and OneDrive for secure business communication and also provides anti-spam and anti-phishing.
