Before the May holidays, Russian companies have started receiving messages at Telegram, offering to download "Vacation Avatar Package", which could have placed in their absence in Messengers. The attached file contains a RAR archive, which contains a malicious script that collects data from the device to send the attackers. About thisGazeta.ruAlexander Blzneckov, head of the Telecom Stock Exchange Department, said.
"We have registered a new phishing correspondence to employees of organizations that come from the alleged human resources. The report said that before the festive period, the company's designers have set up a special package of avatars, which can be installed in messengers, to inform your partners about your temporary disappearance, "Bleksnekov said.
Attackers attach the message to the RAR archive, which opens a script for searching for certain files on the victim, such as documents containing certain words in the headings, and send them to attackers. It's about mass postage. Employees of Russian companies, mostly IT, have received more than 300 such messages. According to BLEZNECT, Most of these viruses target Windows operating system.
"In the ideal scenario, the company's security should be built in such a way that any operation of employees, including files, is analyzed through the mechanisms of SOC (Security Action Center). The cyberwall monitoring center checks the security events entering the system from different sources, and when it notes suspicious activities, it takes measures to prevent attack, "Blueneckov said.
For example, if a malicious script is launched, an employee account is immediately blocked, and its computer is isolated from the corporate network and the Internet to be able to be transferred to the attackers. In addition, you can defile the macro operation of the workplaces in downloaded files.
Translation of: Euromedia24.com
