Phishing scams are becoming more prevalent, and if you’re not protected, you are vulnerable. Phishing is a social engineering technique that uses emails containing a clickable link that appear to come from a trusted source but do not. Recently, an unnamed university became the target of a phishing scam.
According to Ronnie Tokazowski, Senior Researcher at PhishMe, cyber criminals sent a phishing email (see screenshot below) from within a compromised .edu domain. The fraudulent email carried a message about a payment confirmation and an attached zip file which, if opened, provided no such information but instead installed Zeus malware on the victim’s machine. To make matters worse, this malware could then be used to exfiltrate sensitive data.
Figure 1: Phishing Email
Cyber thieves are constantly developing new malware variants. For example, a recent Zeus variant, Gameover Zeus (GOZ), uses an encrypted peer-to-peer (P2P) communication system to communicate between its nodes and its command and control (C&C) servers. It has primarily been used for banking fraud and for distributing the CryptoLocker ransomware Trojan, a highly damaging strain of malware.
Enterprises must preemptively defend critical DNS systems from APTs that use techniques like phishing. Infoblox protected customers against this particular phishing scam aimed at the above-mentioned university, because the Zeus botnet server IP address involved in the attack (126.96.36.199) was already part of the threat feed delivered to Infoblox DNS Firewall customers. Unlike single-purpose threat intelligence feeds focused on only one security control, the Infoblox security feed tracks multiple threat vectors and their associated control points on the network. The feed is updated several times a day to give you the most up-to-date protection against present and future malware.
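To make the mechanism concrete, here is an added example (not Infoblox or PhishMe code) of the core logic a DNS firewall applies: every answer the resolver is about to return is compared against a threat feed of known-bad domains and IP addresses, and a match is blocked or redirected to a sinkhole before the client ever connects. The C&C address 126.96.36.199 comes from the post above; every other feed entry, the sample answers, and the sinkhole address 192.0.2.1 (from the TEST-NET-1 documentation range) are constructed for this illustration.

```python
"""Minimal DNS-firewall (RPZ-style) answer filter. Added example, not vendor code."""
from dataclasses import dataclass
import ipaddress

# Constructed threat feed. 126.96.36.199 is the C&C address named in the post;
# the second IP and both domain patterns are placeholders invented for this example.
THREAT_FEED = {
    "ip": {"126.96.36.199", "203.0.113.77"},
    "domain": {"bad-payment-confirm.example", "*.zeus-drop.example"},
}

# Documentation-range address used as a "walled garden" sinkhole (assumption).
SINKHOLE_IP = "192.0.2.1"


@dataclass(frozen=True)
class DnsAnswer:
    qname: str   # queried name, e.g. "www.example.edu."
    rtype: str   # record type, e.g. "A", "AAAA", "MX"
    rdata: str   # record data, e.g. "198.51.100.10"


@dataclass(frozen=True)
class Verdict:
    answer: DnsAnswer   # the answer as it will be returned (possibly rewritten)
    action: str         # "pass", "block" or "sinkhole"
    reason: str         # why the firewall decided this, for logging/alerting


def _domain_matches(qname, pattern):
    """Exact match, or wildcard match for patterns like '*.zeus-drop.example'
    (the wildcard covers subdomains only, not the apex, as in RPZ)."""
    qname = qname.rstrip(".").lower()
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]          # ".zeus-drop.example"
        return qname.endswith(suffix) and qname != suffix[1:]
    return qname == pattern


def _ip_matches(rdata, feed_ips):
    """True if rdata is a valid IP literal present in the feed."""
    try:
        addr = ipaddress.ip_address(rdata)
    except ValueError:
        return False
    return str(addr) in feed_ips


def evaluate(answer, feed=THREAT_FEED, sinkhole_ip=SINKHOLE_IP):
    """Apply the feed to one answer. Domain hits are blocked outright;
    answers that resolve to a known C&C address are rewritten to the sinkhole."""
    for pattern in feed["domain"]:
        if _domain_matches(answer.qname, pattern):
            return Verdict(answer, "block", f"qname matches feed entry {pattern}")
    if answer.rtype in ("A", "AAAA") and _ip_matches(answer.rdata, feed["ip"]):
        rewritten = DnsAnswer(answer.qname, answer.rtype, sinkhole_ip)
        return Verdict(rewritten, "sinkhole", f"answer IP {answer.rdata} is in feed")
    return Verdict(answer, "pass", "no feed match")


def filter_answers(answers, feed=THREAT_FEED, sinkhole_ip=SINKHOLE_IP):
    """Evaluate a batch of answers; each verdict is also the record to log."""
    return [evaluate(a, feed, sinkhole_ip) for a in answers]


# Constructed sample answers: one benign, one wildcard domain hit,
# one benign-looking name that resolves to the C&C IP, one non-address record.
SAMPLE_ANSWERS = [
    DnsAnswer("www.example.edu.", "A", "198.51.100.10"),
    DnsAnswer("cdn.zeus-drop.example.", "A", "198.51.100.20"),
    DnsAnswer("update.some-host.example.", "A", "126.96.36.199"),
    DnsAnswer("mail.example.edu.", "MX", "10 mx.example.edu."),
]

if __name__ == "__main__":
    for v in filter_answers(SAMPLE_ANSWERS):
        print(f"{v.action:8} {v.answer.qname:28} {v.answer.rdata:20} {v.reason}")
```

The third sample answer is the interesting one: the queried name is not in the feed at all, but the address it resolves to is, so an IP-based entry catches infrastructure reached through throwaway or newly registered domains. Each `Verdict` carrying a "block" or "sinkhole" action is also the detection signal a SOC wants, since a client that triggered it is likely already running the dropper.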
Tell us what you think!