Malware Email Attacks Hitting All Industries
November 05, 2018
Newly discovered email attacks are catching some very big phish lately. Earlier this year, a downloader called AdvisorsBot was discovered and found to target restaurants, hotels, and telecom companies. Attacks on these industries aren’t new, but this email phishing campaign is unusually effective. Beyond its success, AdvisorsBot keeps evolving as it spreads. Because it continually transforms, data security systems find it nearly impossible to detect and protect against.
AdvisorsBot was first discovered written in the C programming language, the most widely used general-purpose “language” for systems worldwide. Other AdvisorsBot versions were also found in .NET and PowerShell. That leads security experts to believe AdvisorsBot is a work in progress that takes many shapes and continues to morph. Using C, .NET, and PowerShell is a recipe for success for hackers and a reason for serious concern among security experts.
Once a hacker gains access to these systems through phishing emails, the attack grows quickly and embeds itself as a first-stage payload. Once that first stage is carried out, AdvisorsBot identifies and extracts details leading to other targets to infect within a company. Malware that continually evolves is extremely difficult to detect and ultimately nearly impossible to fight. For AdvisorsBot, the malicious emails are specifically created to attack certain industries and expand further and deeper into data systems.
It cannot be stressed enough: not getting hooked by a phishing lure is how these types of bots are stopped in their tracks. Watch for the telltale signs:
- An email is from an unknown sender
- The message is unexpected, regardless of who sent it
- The text is grammatically incorrect or contains typos and other errors
- If it’s supposedly from a professional organization, watch for images that are not current or look unprofessional, and for slang or other non-business-sounding terminology. For example, pay attention if the message refers to “cops” rather than “law enforcement.”
We know the perils of email phishing and the importance of not falling for it. However, these emails target employees with industry-specific content. For instance, a restaurant employee may receive an email about food poisoning with attached files about the problem. Out of genuine concern, an unwitting employee clicks on an attachment and – bam! Opening just one file opens the door to entire systems being compromised. In the case of AdvisorsBot, further information is gleaned from the initial target, allowing it to attack vendors and countless others associated with the restaurant.
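The signs listed above, together with the attachment lure just described, can also be checked automatically before a message reaches an employee. The following Python sketch is an added example, not code from the original article; the known-sender list, the informal-word list, the use of a missing `In-Reply-To` header as a stand-in for "unexpected", and the sample messages are all assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed inputs (not from the article): in practice, build these from
# your own address book and from wording your real partners never use.
KNOWN_SENDERS = {"orders@supplier.example"}
INFORMAL_TERMS = {"cops", "gonna", "wanna"}

def triage(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    _, address = parseaddr(str(msg.get("From", "")))
    if address.lower() not in KNOWN_SENDERS:
        findings.append("unknown-sender")
    # Proxy for "unexpected": the message does not answer an earlier one.
    if msg.get("In-Reply-To") is None:
        findings.append("unexpected")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    for term in sorted(INFORMAL_TERMS & set(re.findall(r"[a-z]+", text))):
        findings.append("informal:" + term)
    for part in msg.iter_attachments():
        findings.append("attachment:" + (part.get_filename() or "unnamed"))
    return findings

def build_sample(sender: str, text: str, reply_to_id=None, attach=None) -> str:
    """Build a constructed test message; none of this is real mail."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "manager@restaurant.example"
    m["Subject"] = "Food poisoning complaint"
    if reply_to_id:
        m["In-Reply-To"] = reply_to_id
    m.set_content(text)
    if attach:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attach)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("Guest <guest@unknown.example>",
                        "I got sick at you place. Calling the cops. See file.",
                        attach="report.doc")
    print(triage(lure))
```

Grammar and image quality, the other two signs in the list, still need a human reader; a check like this only decides which messages get held for that second look.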
Targeting employees is a favorite and very successful way for hackers to gain access to data systems. Now more than ever, employee cybersafety education is a front line for keeping a business or, in the case of AdvisorsBot, an entire industry safe. The disturbing success of AdvisorsBot shows how investing in ongoing education for employees can be as important as providing cyber-resilient data systems. When combined, employee education and attack-resilient systems provide a path to future online safety for all involved.