We know that the online world is dangerous, with the number and variety of threats constantly increasing. For years, phishing with email has been a favorite tactic of hackers. Most of these emails are poorly written, and IT professionals often spot the fake ones, but there are times when the creativity of nefarious individuals is quite surprising.
There was an attack on utility companies recently, which targeted engineers and purported to have some results for professional examinations. Since there is likely always someone taking an engineering exam as a professional at a utility company, this attack has a chance of succeeding. A Word doc included had a number of macros that installed a trojan for the employee. Hopefully few people allowed macro execution, but I’m sure someone was distracted, busy, and perhaps stressed about their exam results and didn’t think. Or clicked too fast.
What is scary here is that the attack is suspected to be the work of a nation-state, which could mean substantial resources went into the attack. There are certainly potential issues if someone gets access to a privileged workstation, which is always a concern. This is why few people should have privileged access, and a privileged account should never be used for email software. A low-access account is the best way to work through emails and attachments.
Many of us have privileged accounts, but imagine that someone gets a trojan on our laptop. When we use sudo or runas, we might find our credentials compromised. Think it can’t happen? What if all your IT staff got a note about an MS examination result? Or what if they got a free offer to take a certification test? I’m sure someone would click on it, and it only takes one.
Security is hard, with education and caution being the most important tools at our disposal. Spread the word about stories like this and ensure all your staff, especially junior staff, is especially cautious about how and where they open any potential email attachments, click links, or even allow pictures. Security remains a challenge for all our organizations and we need to continually work at maintaining a vigilant environment.