
Phishing scam impersonates Ministry of Primary Industries

29 Aug 2017

Following last week’s reports that phishing emails appearing to be from Inland Revenue were making the rounds, CERT NZ yesterday released a warning about a phishing scam claiming to be from the Ministry of Primary Industries (MPI).

The email appears to come from a genuine-looking address: info@mpi.govt.nz. The email contains an attachment with keylogging malware.

The malware may exploit CVE-2012-0158, a Microsoft Office vulnerability that was first found in 2012, but many systems have still not applied patches.

Attackers are still finding their way into those unpatched systems through the Python keylogger.

A 2016 blog post from security firm VMRay says that although the exploit is old, attackers are still confident there are enough unpatched installations of Microsoft Office to make further attacks worthwhile.

The attached file is a malicious Word document that downloads and installs the keylogging software on the infected machine.

CERT NZ says that if users’ Microsoft Office patching is up to date, the malware cannot launch or do any damage.

Those who are running unpatched versions of Microsoft Office and have opened the attachment may have the keylogging software on their machines. CERT NZ recommends consulting an IT specialist for further mitigation.

CERT NZ also recommends the following tips for preventing further damage:

Keylogging software is difficult to remove. The best remediation is to rebuild your machine from the last backup taken before this email was received. We recognise this is a difficult step for many users and organisations.

Alternatively, take your machine to an IT specialist to rebuild the machine.

Enable multi-factor authentication across key online and administrative accounts. In these cases, if a person has your password, enabling multi-factor authentication will prevent them from logging in.

Once you’ve removed the malware, change all the passwords used on the computer since opening the malicious attachment.

Last week, Inland Revenue reported a phishing scam that masqueraded as a tax return form. The scam attempted to trick recipients into providing their personal and credit card data.

The fake IRD email appeared to be from the Inland Revenue Department but was actually sent from the email address IRDxxxxx@s1.nzr.review.
