Industry Insights • 1 Min READ
Updated Malwares from TA505 – Financial and Retail Organisations at Risk from Global Phishing Threat
by Eleanor Barlow • Feb 2020
The cybercrime group, known by the name of TA505, recently resurfaced with updated features using HTML redirectors for delivering malicious Excel documents. By using distributing systems, such as Necurs botnet, the group have been widely recognised since 2014 for their malleable, adjustable and extensive ransomware, malware, trojans and spam operations. With the sole intention of acquiring money and capital, targets are predominantly in the financial and retail sectors.
The real issue is that TA505 uses localised HTML files in different languages. This means that targets are made worldwide, in any region, within any vertical. Such customisation has meant that attacks have been noted globally, with significant emphasis on Singapore, UAE and the US.
Due to the scale at which targets are made, the direct effect TA505 has had on promoting particular entities, including Globelmposter and other malware options such as FlawedAmmyy, has been significant. The group went quiet for a period, but now TA505 is back to circulating Remote Access Trojans (RATs), malware downloaders and ransomwares, onto their victim’s technology.
How does it work?
After opening a false attachment, the HTML downloads a malicious Excel file that drops the payload into the victim’s machine. Upon execution, the malware dumps the GraceWire Trojan into the infected device. Attackers also use an IP traceback service, allowing them to track the IP addresses of machines that download their malicious Excel file. This technique has not been adopted by such threat actors before.
For additional reading, see what Microsoft Security Intelligence stated about the threat, in a series of tweets, here.
SecurityHQ’s Recommendations
- Keep applications and operating systems running at the current released patch level.
- Update your anti-virus solutions with latest virus definitions.
- Check for the presence of pirated software’s, uninstall them and scan systems with the latest virus definitions.
- Avoid handling files from non-trusted sources.
For more information, support or advice about the threat, contact the team today.
Related Content
Hook, Line and Sinker. Phishing and Office 365 Account Compromise
Phishing: What are the important Office 365 logs to examine? Even the most hardened information systems are susceptible to a slick con artist. The art of deception employed in a well-crafted phishing email has the potential to dupe us all. In fact, there are few of us who are invulnerable to this threat actor. Obviously, […]
10 Top Tips to Detect Phishing Scams
Everyone is susceptible to a phishing attack. Often, phishing emails are well-crafted and take a trained eye to spot the genuine from the fake. There are, however, ways to make yourself less of a target. Keep in mind our ten top tips to stay safe online. 1. Name of sender can trick you. Email addresses […]
