Every day and every month of this new year (2024), criminal hackers are working on new attacks to steal our resources and money.
At SecureWorld yesterday there was a presentation by the Secret Service on some new phishing and other attacks, including a review of the Snowflake attacks. Although the presenter did not go into the details of the Snowflake attack, it seemed there must be a reason he went over a specific phishing email with buttons that prompt command execution.
This post by asec.ahnlab.com explains it better (the command execution after a prompt).
The phishing email (or the threat actor, on the AhnLab site) spells out the brazen instructions:
Specifically, the one on the left says to press the combination Win + R, then CTRL + V, then press Enter.
The instructions on the right say to right-click on the Start button and run “WindowsPowerShell” (“Windows Terminal”).
Right-click in console window – wait for operation and reload the page.
These instructions would allow a malicious program to install and run.
Not only does the user have to click on the phishing email, they also have to perform a series of commands, which then install a JavaScript file that eventually infects the machine, as AhnLab states in its conclusion:
“Ultimately, the DarkGate malware that starts with Autoit infects the system. Users must take extra caution when handling files from unknown sources, especially the URLs and attachments of emails.”
What needs to be done?
One has to have a phishing email awareness program with consistent training.
But if anyone (even a friend) emails you and tells you to right-click and enter ‘PowerShell’, you are definitely in deep trouble if you agree.
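Training can be backed by a detection check. The following is an added example, not code from this post or from AhnLab: it reviews Run-dialog history for entries that look pasted rather than typed, which is what the Win + R, CTRL + V, Enter lure leaves behind. It assumes the values were exported from the per-user `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` registry key; the watch list, trait names and sample entries are constructed for illustration.

```python
import re

# Programs a pasted Run-dialog command usually launches (assumed watch list, tune locally).
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|wscript|cscript|curl|bitsadmin)(\.exe)?\b", re.I)

# Traits that separate a pasted one-liner from something a person types by hand.
TRAITS = {
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_window": re.compile(r"-w(in(dowstyle)?)?\s+h(idden)?\b", re.I),
    "encoded_arg": re.compile(r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download_and_run": re.compile(
        r"\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.I),
}

def score_entry(raw):
    """Return (command, reasons) for one RunMRU value; no reasons means nothing flagged."""
    cmd = raw[:-2] if raw.endswith("\\1") else raw  # RunMRU data ends with a literal "\1"
    reasons = []
    if INTERPRETERS.search(cmd):
        reasons = [name for name, rx in TRAITS.items() if rx.search(cmd)]
    return cmd, reasons

def flag_run_entries(values):
    """values maps RunMRU value name -> data; returns only the flagged entries."""
    flagged = {}
    for name, raw in values.items():
        if name == "MRUList":  # ordering string, not a command
            continue
        _, reasons = score_entry(raw)
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed sample export. The encoded argument is a harmless run of "A" characters
# and example.invalid is a reserved, non-resolving domain.
SAMPLE = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "powershell -w hidden -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA\\1",
    "d": "mshta https://example.invalid/placeholder\\1",
}

if __name__ == "__main__":
    for name, reasons in flag_run_entries(SAMPLE).items():
        print(name, SAMPLE[name][:-2], reasons)
```

This only covers the Win + R variant; commands pasted into a PowerShell or Windows Terminal window opened from the Start button do not appear in RunMRU and need process-creation or PowerShell logging instead.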
Contact me to discuss and make the security policy for a better cybersecurity culture.
Test social engineering – physical access and more. The hackers are using unconventional methods; we must defeat them with consistency and willpower.