November 21, 2019

The Defence Works are recognised as the provider of the world’s most interactive online security awareness training and this week our MD, Edward Whittingham, was asked to comment upon the latest emerging fake “Windows update” scam.

SC Media UK sought comment on the new threat that has been identified by Trustwave, which directs users to:

“PLease install the latest critical update from Microsoft attached to this email”

It directs the recipient’s attention to the attachment as the “latest critical update”.

In the attack, the attachment has a .jpg extension, but in reality it is an executable file. The filename is randomised, and its file size is around 28KB. This executable file is a malicious .NET downloader that will deliver another piece of malware to the infected system.

This second file, named bitcoingenerator.exe, will be downloaded from misterbtc2020, a GitHub account that was active for a few days during an investigation by the company. The file is in fact .NET compiled malware, the Cyborg ransomware.

The ransomware then encrypts files on the target system and appends its own file extension to their filenames, in this case 777. A ransom note, “Cyborg_DECRYPT.txt”, is then left on the compromised machine’s Desktop. The information provided in this txt file can be found on the overlay of the ransomware bitcoingenerator.exe.

The malware also leaves a copy of itself as “bot.exe” hidden at the root of the infected drive.
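The disguise described above, an executable carrying a .jpg extension, can be caught at a mail gateway by comparing the attachment's content with what its extension claims. The following is an added example, not code from Trustwave or The Defence Works; the function names, the result labels and the sample filename are assumptions, and the sample bytes are constructed.

```python
import os
import struct

# Leading bytes expected for common image extensions.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify_attachment(filename: str, data: bytes) -> str:
    """Compare an attachment's bytes with what its image extension claims."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in IMAGE_MAGIC:
        return "out-of-scope"          # only image extensions are checked here
    if is_pe(data):
        return "executable-as-image"   # the case described in this article
    if not data.startswith(IMAGE_MAGIC[ext]):
        return "mismatch"              # not an executable, but not the claimed type
    return "ok"

def constructed_pe_stub() -> bytes:
    # Constructed sample: 64-byte DOS header with e_lfanew = 0x40, then the PE signature.
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    samples = {
        "a1b2c3.jpg": constructed_pe_stub(),             # hypothetical randomised name
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # constructed JPEG header
    }
    for name, data in samples.items():
        print(name, "->", classify_attachment(name, data))
```

Checking the bytes rather than the extension means a randomised filename makes no difference to the result.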

Kelvin Murray, senior threat researcher at Webroot, explained to SC Media UK:

“As well as causing damage in the short term, fake updates undermine the general confidence people have updating, and this leads to weaker security as a whole. The sheer amount of updates that we all see on a day-to-day basis means that users are unlikely to spend much time investigating any notifications”

Edward Whittingham, MD of The Defence Works, ultimately raised that the go-to user behaviour must be to avoid clicking on links, but that a large onus must be placed on organisations to provide effective security awareness that truly engages the workforce.

“More and more frequently, organisations are adopting security awareness training, but it so often falls flat because the content is dull, too technical or simply doesn’t capture their attention. It’s very important to start to engage with users in a way they’ll find compelling and to make this a topic they’ll actively want to learn more about. That means ditching cliché images such as hoodies, Matrix code and so on – and instead, trying to provide the lessons through a medium they’ll understand and relate to”

These types of attacks reinforce why organisations should work with companies like The Defence Works, to deliver security awareness training to help educate employees and equip them with the knowledge they need to defend themselves.

You can read the full article over at SC Magazine: https://www.scmagazineuk.com/users-warned-fake-windows-update-spam/article/1666372
