Security Awareness – Dridex and Covid-Related Phishing Campaigns

Amid the holiday season and COVID-19 activity, threat actors are continuing to use phishing themes designed to elicit an emotional response to get users to click before they think. To increase members’ situational awareness, WaterISAC is highlighting three current phishing campaigns.

The Dridex malware has recently been observed propagating in two phishing campaigns. Dridex is a trojan malware, that was originally developed to steal banking credentials, but is now used for gaining initial access, providing remote access to threat actors, and propagating to other devices. In one observed Dridex phishing campaign, threat actors are sending fake employee termination emails to victims account in hopes of deceiving them into opening a malicious Excel attachment. After opening the Excel attachment, the threat actor can install additional malware, steal credentials, and perform other malign activities, such as deploying ransomware. Read more at BleepingComputer.

Another Dridex phishing campaign attempts to fool victims by sending fraudulent emails purporting to be COVID-19 test results. Once a victim opens up the attached Excel document and clicks “enable editing,” malware is downloaded onto the device and the threat actor now has access to the system for further nefarious, likely fraudulent, activities. Read more at BleepingComputer.

Finally, an ongoing phishing campaign pretending to be from the pharmaceutical company Pfizer has been observed in the wild since August. This phishing campaign delivers malware free PDF attachments, which discuss payment terms and due dates, to fool unsuspecting individuals into starting a conversation with the phishing threat actors. The attackers are likely seeking to gain financial information from their victims and this method of luring victims into a drawn-out email conversation could prove more successful in an attempt to gain credibility with intended targets. Read more at BleepingComputer.