Page 9 - AccumeView - September 2019
Social Engineering
LookBack malware targeting utility sector - Three U.S. firms in the utility sector were hit with a spear
phishing campaign in mid-July; the emails contained a malicious Word document that can install the
new remote access trojan LookBack. The Proofpoint Threat Insight Team’s initial take is that the attack
was the work of a nation-state sponsored actor, based on the macro used and a comparison with
previous attacks conducted by such groups. The social engineering behind the emails, which
were sent between July 19-25, makes it appear as if the correspondence comes from a domain owned by
the U.S. National Council of Examiners for Engineering and Surveying and includes that organization’s
logo. The email itself pretends to contain a failed examination result from the National Council of
Examiners for Engineering and Surveying, a subject likely to pique someone’s interest and get the email
opened, Proofpoint said.
Source: https://www.scmagazine.com/home/security-news/malware/lookback-malware-targeting-utility-sector/
New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry - The
Cofense™ Phishing Defense Center™ has observed a new phishing campaign that spoofs a PDF
attachment to deliver the notorious Adwind malware. This campaign was found explicitly in national grid
utilities infrastructure. Adwind, aka JRAT or SockRat, is sold as a malware-as-a-service where users can
purchase access to the software for a small subscription-based fee.
Source: https://cofense.com/new-phishing-campaign-bypasses-microsoft-atp-deliver-adwind-utilities-industry/
APT34 spread malware via LinkedIn invites - FireEye researchers identified a phishing campaign
conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to
gain their victim’s trust to open malicious documents. Researchers noticed the campaign in late June
2019 using LinkedIn professional network invitations to deliver the malicious documents that included
the use of three new malware families according to a July 18 blog post.
Source: https://www.scmagazine.com/home/security-news/apts-cyberespionage/fireeye-researchers-identified-a-phishing-campaign-conducted-by-apt34-masquerading-as-a-member-of-cambridge-university-to-gain-their-victims-trust-to-open-malicious-documents/
Phishing attacks jump by 21% in latest quarter, says Kaspersky - Cybercriminals continually look for
more innovative and effective ways to deliver spam and launch phishing attacks. By developing new
methods of attack and improving old ones, they're able to create more sophisticated and therefore more
successful methods of targeting unsuspecting victims. That's one reason why both spam and phishing
attacks rose during the second quarter of 2019 compared with the same quarter last year, according to a
report by Kaspersky.
Source: https://www.techrepublic.com/article/phishing-attacks-jump-by-21-in-latest-quarter-says-kaspersky/
www.accumepartners.com