
Happy Mal-idays


We’re currently in a season to celebrate, especially for attackers. It’s the perfect opportunity to take advantage of people distracted by the holidays and slip malicious content into the ever-so-tempting array of holiday emails.

Below is an example of a series of attacks we caught for an enterprise client, specifically leveraging Thanksgiving and Black Friday. You can be sure the same attackers will leverage Christmas, Hanukkah, New Year’s and more.

How the attack works

The user receives an email promoting an irresistible deal or containing a very considerate e-card from a colleague or family member. The content is very tempting to open, and taps into the user’s holiday or shopping spirit to get him to click.

Holiday-themed Email Examples

In the examples below, the attacker is wishing the target a Happy Thanksgiving and tempting him to click on the attachment.


New malicious files

At the time of writing this post, not only were the emails very tricky, but the attached files were also new and not recognized by the traditional security solutions in VirusTotal. Because they are unknown, the files can easily bypass mainstream solutions. If the user opens the file and clicks ALLOW, the macro code will activate and execute malicious code on the host.

New file names and hashes

DOC-Q72443.doc 428d616dc708592fe978ecb25e9d2593762db5c3eca7b350f46084dc48076e94

INV918.doc b904c6c92dd640a65c1edf0daabe943bc60061d42e14eeb76cd447de298c51d6

Untitled-11202018-204280.doc e83df82be141afc35094bb5aafb315ebd8bc4c441f7d36482b8843af7b6e08bb

Perception Point detected these with our proprietary HAP technology that detects advanced threats.
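The Python script below is an added example, not from the original post and not Perception Point's detection logic. It triages a raw email the way a mail gateway rule might, and shows why matching only the hashes listed above misses a new file while a structural check still flags a macro-bearing .doc sent under a holiday lure. The `_VBA_PROJECT` byte search is a heuristic assumed for this example, and the sample message and its attachment name are constructed.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA-256 values listed in this post.
KNOWN_SHA256 = {
    "428d616dc708592fe978ecb25e9d2593762db5c3eca7b350f46084dc48076e94",
    "b904c6c92dd640a65c1edf0daabe943bc60061d42e14eeb76cd447de298c51d6",
    "e83df82be141afc35094bb5aafb315ebd8bc4c441f7d36482b8843af7b6e08bb",
}
# Holiday themes named in the post, matched against the subject line.
LURES = ("thanksgiving", "black friday", "christmas", "hanukkah", "new year")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container signature
# Heuristic (assumption of this example): OLE directory entry names are stored
# as UTF-16LE, and a VBA project carries a stream named _VBA_PROJECT.
VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")


def triage(raw: bytes) -> list:
    """Return one finding per attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    lure = any(theme in subject for theme in LURES)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        known = digest in KNOWN_SHA256
        macro_doc = data.startswith(OLE_MAGIC) and VBA_MARK in data
        findings.append({
            "filename": part.get_filename(),
            "sha256": digest,
            "known_hash": known,        # False for a never-seen file
            "macro_doc": macro_doc,     # structural check, hash-independent
            "suspicious": known or (macro_doc and lure),
        })
    return findings


def sample_message() -> bytes:
    # Constructed sample: a stub with the OLE signature and VBA marker only,
    # not a real or openable document.
    msg = EmailMessage()
    msg["Subject"] = "Happy Thanksgiving! Your e-card is attached"
    msg.set_content("Please see the attached card.")
    stub = OLE_MAGIC + b"\x00" * 504 + VBA_MARK
    msg.add_attachment(stub, maintype="application", subtype="msword",
                       filename="ecard-sample.doc")
    return msg.as_bytes()
```

Calling `triage(sample_message())` returns a single finding with `known_hash` false and `suspicious` true.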


