Book A book icon Megaphone A megaphone icon Chat A chat bubble Calendar A calendar symbol Calendar alternative A calendar symbol Menu A menu symbol for navigation print A computer printer symbol Location A map location marker Location alternative A map location marker Phone A phone symbol User A human silhouette indicating login Document A document symbol Facebook Facebook social media icon Facebook Facebook social media icon Twitter Twitter social media icon Twitter circled Twitter social media icon YouTube YouTube social media icon YouTube YouTube social media icon YouTube Play icon YouTube social media icon Vimeo Vimeo social media icon Vimeo circled Vimeo social media icon LinkedIn LinkedIn social media icon LinkedIn circled LinkedIn social media icon Instagram Instagram social media icon Instagram circled Instagram social media icon Pinterest Pinterest social media icon Pinterest circled Pinterest social media icon Mobile A mobile phone Tablet A tablet symbol Laptop A laptop computer symbol Desktop A desktop computer display Pencil A pencil symbol Ok A checkmark symbol cancel-circle A X symbol Plus An addition symbol Minus A subtraction symbol Heart A heart symbol Star A star symbol Videocam A video camera symbol Caret A small triangle symbol Newspaper A newspaper symbol Cart A shopping cart Tools A hammer and a wrench symbol Flag A flag symbol home home-desc Photo A photograph symbol Audio A speaker with sound symbol Cog A group of cogs symbol RSS A RSS feed symbol Comment A speech bubble symbol Link A chain link symbol Export An export arrow symbol Envelope An envelope symbol Search A magnifying glass symbol Info An information symbol Info circled An information symbol Help circled A question mark symbol Clock A clock symbol Globe A globe symbol Globe alternative A globe symbol none none

Trusted Advisor Ecosystem Hit by Phishing Attack

The channel and Trusted Advisor industry has been hit with an ongoing phishing attack.  We want to make sure you:
  • Are aware of the attack 
  • Understand how to prevent getting infected
  • Have information form experts on what to do if you get infected
  • Understand how to help your customers if they ever get infected by this or any other security attack

To learn more, please join us July 24th for a special Spotlight Briefing on the Channel Phishing Attack. REGISTER NOW!

The attack that is spreading through the channel, infects the target via an innocent looking email attachment.  The email comes from someone you know that has been infected, with the correct email and signature block.  It’s actually sent directly from their desktop mail application using the infected computer’s contacts.

Fig. 1 EXAMPLE of the Channel Phishing Attach Email

cid:image007.jpg@01D5396A.E8694F70

The unsuspecting user opens an attached document labelled “WIRE TRANSFER COPY.xlsx” file which contains a link.  If the user then clicks on the link, and a “rootkit” virus then infects their system providing full remote control of their PC, giving the bad actor full access to the machine to launch further attacks.  In this particular attack, the bad actor appears to start first by trying to infect other PC’s by going through the infected PC’s contacts and send a phishing email to the person’s community with the same attached file.   If a suspecting target questions the email and attachment, the bad actor can even respond with a follow up email to continue the charade and encourage the target to open the attachment.

Fig. 2 Follow up email from bad actor in response to suspicious recipient.

 

According to Adam Burke, from Quest Technology Management®, a security MSSP in the AVANT vendor portfolio, “The intent of the payload depends and is unknown right now. Sometimes it is looking for contacts, or specific roles within an organization. For example, the CEO or CFO, if it can access identify and spread to that account the probability of spreading further from a “credible” user is much greater.  Sometimes there are multiple stages. While it’s creating the spamming effect, and everyone is trying to lock down exchange it drops a packet on an endpoint and establishes a connection/ call home. Everyone thinks it was a spamming attack and while that immediate and obvious threat was being addressed a back door was established and the automated portion is over, now the bad actors start looking around for usable data and additional opportunities.”

We urge the channel community to be cautious and vigilant when receiving emails with attachments, even from people you know.  The pattern of this attack may change and may take other email forms.  For example, the following email also is spreading through the channel community with a malicious link.  It too was sent from the user’s email account and looks very legitimate:

Fig 3: Another Phishing email spreading through the channel



Here are the recommended steps from our experts if you identify an infected machine:
  • Remove the machine from the network 
  • From another machine that is not infected login and change passwords 
  • Contact mail hosting company and have them assist you with remediation and blocking inbound and outbound emails
  • Have the infected machine cleaned or wiped
  • Be cautious of any cloud files (i.e. Dropbox, etc.) or systems that the infected machine had access to and that could have been infected by the bad actor with additional viruses.  An expert may be needed to assist you with this analysis.

Here are some companies you can reach out to if you get infected. 

Quest Technology Management’s Incident Response Team can be reached at: 
IR@questsys.com or 800-443-5605 
  • Trustwave
  • Masergy
  • Verizon
  • Flexential
  • Rapidscale

Reach out to your channel manager for contact info, or if you are an AVANT channel partner, you can find additional options to choose form in the security section of the AVANT PATHFINDER

The cyber security threats and attack have never been higher.  It’s very easy for a malicious actor to launch an attack using tools readily available on the web.  Unfortunately, it’s not a matter of if you will be attacked, but often a matter of when.  Think about security in layers:
  • PREVENT: What do I need to do to increase my chances of preventing an attack?  From employee training to technology solutions.
  • MITIGATE: How do I minimize the impact of an attack if and when it occurs, with backups and redundancies?
  • RESPOND: Who can I call upon if I have a major incident and need experts to help respond to the attack?  Be prepared today, and don’t wait till it happens.
  • EVOLVE: How do I continuously stay aware and evolve my security posture as new industry threats evolve?  Who is an expert that can help continuously advise me?  How do I stay up to date?

AVANT has a full portfolio of security providers that can assist customers in need of assistance. You should make sure your customers understand you can help them assess their current security posture, improve their security posture, and respond when an incident occurs.  If you instill one thing in your customers, it should be this:  

YOU should be the 1st phone call they make in the event of a security incident!

Through AVANT, you have access to the best security MSSPs in the industry.

Stay cyber safe and let’s use this lesson as a wakeup call to enhance the security posture of our customers!