fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Emotet Double Blunder: Fake ‘Windows 10 Mobile’ and Outdated Messages

Emotet Double Blunder: Fake ‘Windows 10 Mobile’ and Outdated Messages

The Emotet botnet has switched up their malicious spamming campaign and is now heavily distributing password-protected archives to bypass email security gateways.

This campaign started on Friday with documents claiming to be created on the expired Windows 10 Mobile and continued with a large volume of messages pretending to be made on Android.

Trying to trick users into enabling macros to see documents created on a different operating system may be a convincing stratagem but using Windows 10 Mobile (since the beginning of the month) is a blunder since the OS reached end of life in January 2020.

Microsoft says that Emotet switched the ruse on Monday and started to deliver documents claiming to be made on Android and that “Enable Content” (thus activating embedded macro code) needs to be clicked to view the document.

Also Read: Things to Know about the Spam Control Act (Singapore)

Emotet operators blundered again by using outdated text in the email subject and body. This should be a clear tell for recipients, making it easy for them to spot the compromise attempt.

Microsoft announced early today that Emotet targeted various regions of the world with localized emails. Some of the languages used are English, French, and Italian.

The theme varies from invitations to meetings and order confirmations to reports, all of them being compressed into a password-protected archive.

After recipients extracted the attached document using the password provided in the email body and open it, they launch the embedded malicious macro that downloads the Emotet payload (some sources indicate it is QakBot in most cases).

However convincing the messages may be, as seen in the screenshots from Microsoft, they are obsolete, mentioning dates from 2013 and 2014.

  

Operation Zip Lock has been ongoing for weeks

While Microsoft noticed this campaign on Friday, the Cryptolaemus group of researchers fighting Emotet say that this has been happening for so many weeks that they named it Operation Zip Lock.

Emotet has used password-protected in the first half of 2019 (confirmed by Trend Micro) but Cryptolaemus says that this time the distribution is through Epoch 3 – a subgroup of the botnet with separate infrastructure.

The group says that organizations in Japan were targeted this way since at least September 1 and that the method then slowly propagated to Epoch 1 and 2 this month, being used by all three Emotet Epochs starting September 14.

Last week, TrickBot pulled a similar stunt by sending out documents with protected access. They were not archived, though. The lures varied from orders, invoices, documents, and the less and less common “new coronavirus case” theme.

Also Read: Free 8 Steps Checklist for Companies to Prevent Data Breach

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us