“Request for Information” warning

A recently released report on the botnet ‘MasterMana’ has highlighted a simple but effective social engineering technique.

MasterMana has been spreading via emails requesting information on products or services offered by the target company. The email is accompanied by a spreadsheet, and the recipient is asked to fill in the product or service details in the attached Excel document. The document itself contains a macro, which then connects to an outwardly harmless internet site. The true nature of the attack then happens silently, as the website runs code which downloads the real payload from yet another site. To further disguise the nature of the threat, this is all managed from a server which has an IP address associated with the USA rather than the usual suspect countries.
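One way a mail gateway or triage script could flag the kind of attachment described above, shown as an added example (not code from the report or from Prevailion). It checks Excel attachments for an embedded VBA project; the sample messages, addresses and file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy binary .xls files
EXCEL_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb", ".xltm", ".xlam")

def classify_attachment(data):
    """Return 'macro', 'legacy-ole' or 'no-vba-part' for Excel attachment bytes."""
    if data[:8] == OLE_MAGIC:
        # Legacy format can carry macros; confirming needs a full OLE parser.
        return "legacy-ole"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # Macro-enabled OOXML workbooks store their VBA in vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "macro"
    return "no-vba-part"

def scan_message(raw):
    """Return (filename, verdict) for every Excel attachment in a raw email."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXCEL_EXT):
            findings.append((name, classify_attachment(part.get_payload(decode=True))))
    return findings

def build_sample(filename, with_macro):
    """Constructed test email with a minimal workbook-shaped zip attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"constructed placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Request for Information"
    msg["From"] = "sender@example.com"
    msg["To"] = "sales@example.com"
    msg.set_content("Please fill in your product details in the attached sheet.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("rfi_products.xlsm", True)))
    print(scan_message(build_sample("rfi_products.xlsx", False)))
```

A "macro" or "legacy-ole" verdict on an unsolicited request-for-information email is a reason to quarantine the message for review; a "no-vba-part" verdict only means this one check found nothing.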

MasterMana has made the news as it steals user credentials and has been particularly active at targeting Bitcoin wallets. Prevailion ( https://www.prevailion.com/ ) has calculated that the cost of MasterMana was US$100 for the Trojan and US$60 a month for the server. Despite its low cost, Prevailion estimates that 2000 systems hit the MasterMana sites every week.

 


We have seen a similar attempt run against Kinetics. The attackers claimed to be a European-based IT company looking for support in New Zealand. They asked us for a list of skills, certifications and our rates. We identified quickly that it was an attempt to scam us. The clue was that we received one email and in that first communication, they were already asking for our bank account details.

Cybersecurity starts with your people. More credentials are given away than are hacked. Every organisation needs regular updates for its employees, awareness sessions for all staff, internal news postings and reports.

All of these will contribute to keeping security awareness alive. We are all targets for this type of crime and all of us need to be aware of the risks.