Amidst the current Coronavirus panic, researchers from Proofpoint, a US cybersecurity vendor, have uncovered a new email attack that exploits virus fears. The malicious health information emails, aimed at Japanese speakers, have been targeting industries susceptible to shipping disruptions, including manufacturing, industrial, finance and transportation.
This attack uses malicious Microsoft Word documents that specifically target and exploit a vulnerability in the software (CVE-2017-11882) that is over two years old. This allows the documents to install information-stealing malware known as AZORult. AZORult is highly configurable and has been used in a number of attack campaigns since at least 2016.
Proofpoint believes it is likely that the attacker used the effectiveness of AZORult to point the finger at organisations and industries as a whole that are slow to deploy patches to their systems. It is clear that the attackers are aware that a major event like Coronavirus can have secondary impacts on industries and supply chains globally.
It is not uncommon for major global events to spark a number of cyber-attacks, not only at the enterprise level but also at the individual level. The recent conflict between the United States and North Korea saw a large spike in malware activity, as did the 2016 US Presidential election. Almost any major sporting, geopolitical or disaster event has seen and will see a surge of malicious activity online. As time has gone by, these attacks have become more sophisticated and considerably more targeted.
For these reasons, it is imperative that systems are regularly patched and updated to ensure that known security issues are addressed. Almost all major security flaws are publicly documented, making it easy for attacks to be developed and for target organisations to be affected. A lack of effective patch management is one of the biggest factors that lead to organisations falling victim to cyber-attacks. Proper patch management should always be an immediate priority, especially when a major flaw is uncovered.
If you’d like to learn more about how you can help protect your organisation, Agilient specialises in assisting organisations to build robust security solutions that will protect against today’s threats. Effective IT security policy and practice is an expert area for Agilient’s security consultants. Contact us today to learn more.
Author: Jack Schofield, Agilient Consultant