
Phishing scam impersonates Ministry of Primary Industries

29 Aug 2017

Following last week’s reports that phishing emails appearing to be from Inland Revenue were making the rounds, CERT NZ yesterday released a warning of a phishing scam claiming to be from the Ministry of Primary Industries (MPI).

The email appears to come from a genuine-looking address: info@mpi.govt.nz. The email contains an attachment with keylogging malware.

The malware may exploit CVE-2012-0158, a Microsoft Office vulnerability that was first found in 2012, but many systems have still not applied patches.

Attackers are still finding their way into those unpatched systems through the Python keylogger.

A 2016 blog post from security firm VMRay says that although the exploit is old, attackers are still confident there are enough unpatched versions of Microsoft Office to make further attacks worthwhile.

The attached file is a malicious Word document that downloads and installs the keylogging software on the infected machine.

CERT NZ says that if users’ Microsoft Office patching is up to date, the malware cannot launch or do any damage.

Those who are running unpatched versions of Microsoft Office and have opened the attachment may have the keylogging software on their machines. CERT NZ recommends consulting an IT specialist for further mitigation.

CERT NZ also recommends the following tips for preventing further damage:

Keylogging software is difficult to remove. The best remediation is to rebuild your machine from the last backup taken before this email was received. We recognise this is a difficult step for many users and organisations.

Alternatively, take your machine to an IT specialist to rebuild the machine.

Enable multi-factor authentication across key online and administrative accounts. In these cases, if a person has your password, enabling multi-factor authentication will prevent them from logging in.

Once you’ve removed the malware, change all the passwords used on the computer since opening the malicious attachment.

Last week, Inland Revenue reported a phishing scam that masqueraded as a tax return form. The scam attempted to trick recipients into providing their personal and credit card data.

The fake IRD email appeared to be from the Inland Revenue Department but was actually sent from the email address IRDxxxxx@s1.nzr.review.
