Οι χάκερ στέλνουν βιογραφικά με κακόβουλο λογισμικό more_eggs στους υπεύθυνους προσλήψεων

Researchers from the Canadian company eSentire have reported a new wave of phishing attacks using resumes embedded with the more_eggs malware. Cybercriminals have attacked corporate recruiters with fake resumes.

Cybersecurity researchers have identified and prevented four separate cyber incidents, three of which occurred at the end of March this year. Affected entities include a US-based aerospace company, an accounting firm based in the UK, and a law firm and recruitment agency based outside of Canada.

Επιτρέψτε μου να σας το υπενθυμίσω αυτό εμείς, για παράδειγμα, μίλησε για Hancitor κακόβουλο λογισμικό, που χρησιμοποιεί μηνύματα ηλεκτρονικού ψαρέματος, παραβιασμένα διαπιστευτήρια, or brute-forcing RDP to access vulnerable Windows machines. А также, что Αρης' new infostealer is being distributed via OpenOffice ads on Google.

A year ago, in the pre-Easter period, experts also discovered a targeted phishing campaign infecting victims with περισσότερα_αυγά. Ωστόσο, during this operation, the attackers were targeting LinkedIn professionals who were looking for jobs, not hiring managers looking for job candidates. The hackers sent ZIP files to job seekers disguised as job offers. When criminal targets an opened the zip file, it causes installation of the more_eggs.

Operation more_eggs changed the social engineering scenario this year by targeting hiring managers with fake resumes, instead of job seekers with fake job offers.όλες οι εντολές εκτελούνται με τον ίδιο τρόπο.

Ειδικοί στον τομέα της κυβερνοασφάλειας ανακάλυψαν ένα νέο ransomware που δεν ζητά λύτρα σε κρυπτονομίσματα, allegedly developed by the Golden Chickens (also known as the Venom Spider), is a stealthy, modular set of backdoors capable of stealing valuable information and traversing a compromised network.

More_eggs is malicious software containing several components engineered to steal valuable credentials, including usernames and passwords for corporate bank accounts, email accounts and IT administrator accounts, among others.eSentire λένε οι ειδικοί.

Experts believe that anti-virus software may not be enough to protect against such a complex attack system as more_eggs.

Recommendations on how to avoid becoming a victim of More_Eggs:

  1. Safety training for all employees. Safety training should be mandatory for all company employees.
  2. Users should avoid downloading and running files from unverified sources. Για παράδειγμα, be wary of Word and Excel documents sent from an unknown source or obtained from the Internet that prompt users toEnable Macros”.
  3. Avoid free versions of paid software. Always check the full URL before downloading files to make sure it matches the origin (για παράδειγμα, Microsoft Team must come from a Microsoft domain).
  4. Check file extensions, don’t just trust the file type logo. The executable file can be disguised as a PDF.
  5. Ensure that there are standard procedures in place for employees to submit potentially harmful content for review.

Helga Smith

Ενδιαφέρομαι πάντα για τις επιστήμες των υπολογιστών, ειδικά την ασφάλεια δεδομένων και το θέμα, που ονομάζεται σήμερα "επιστημονικά δεδομένα", από τα πρώτα μου χρόνια. Πριν μπείτε στην ομάδα κατάργησης ιών ως αρχισυντάκτης, Εργάστηκα ως ειδικός στον τομέα της ασφάλειας στον κυβερνοχώρο σε πολλές εταιρείες, συμπεριλαμβανομένου ενός από τους εργολάβους της Amazon. Μια άλλη εμπειρία: Έχω διδάξει σε πανεπιστήμια Arden και Reading.

Αφήστε μια απάντηση

Αυτό το site χρησιμοποιεί Akismet να μειώσει το spam. Μάθετε πώς γίνεται επεξεργασία των δεδομένων σας σχόλιο.

Κουμπί Επιστροφή στην κορυφή