Microsoft recently warned of a new COVID-19 themed malware campaign spread using Excel 4.0 macros and NetSupport Manager. In a series of tweets, Microsoft’s Security Intelligence team described the massive campaign and its consequences.
In the campaign, started on May 12, cybercriminals use coronavirus-related phishing emails to install remote access tools. The phishing email alleges to come from Johns Hopkins Center, utilized in past campaigns as well, with the subject ‘WHO COVID-19 SITUATION REPORT.’ Attached to the email is an excel spreadsheet that supposedly contains up-to-date U.S. coronavirus statistics. In fact, the spreadsheet can be one of several hundreds of unique attachments that connect to the same URL. Once a victim opens the attachment, the malicious macros download and the remote access tool NetSupport Manager RAT runs. Excel 4.0 macros and NetSupport Manager are authentic Microsoft tools but their use in malicious campaigns has steadily increased, particularly attached to COVID-19 information. Once NetSupport deploys, multiple components download such as .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSplit-based PowerShell script. The compromised computer then connects to the hacker’s remote command and control center awaiting further instructions. Such malware campaigns are not new; cybercriminals have just adjusted the means of delivery by utilizing the current crisis to get people to click without thinking.
The FBI named phishing as a top complaint in its 2019 Internet Crime Report. And IT specialists suggest that an increase in remote attacks through phishing was inevitable at this time. Especially since informative coronavirus emails are a believable ploy.
SEE RELATED: Coronavirus-themed malware intensifies across the world
Organizations must utilize strong email security within their cybersecurity program to stop phishing emails before they create problems. Email security like Paubox Email Suite Plus (with Spam Filtering and ExecProtect) prevents ransomware and malware from even reaching an inbox. This is especially necessary for healthcare organizations needing HIPAA compliant email. On top of this, employees should have up-to-date training on avoiding macros and recognizing malicious emails. Only by combining vigilance and strong email security can organizations stop these campaigns from gaining any momentum.