Malware Issue on File Shares



While I agree that email with URLs or attachments is a common attack vector - I just don't see how/why it is still viable..  In this day and age, with all the virus info that has been on major news outlets, etc..  How can anyone continue to click on ###### that they were not expecting??

 

Just freaking amazing the lack of what you would think is common sense..

 

It's not ignorance.  It's a combination of being tired and in a hurry.  Some of these emails do look exactly like the real thing and more often than not these days they seem to come from someone you know.  I will say this.  Very few people seem to fall for it twice.  But then they end up paranoid and think everything is risky (which it is!).


I lost you AStaley?  What is in your work emails that would promote clicking random ######?

 

Common sense, seems to go out the window when it comes to company systems.  The answer always seems to be, if I break something or click on something I shouldn't, then IT will fix it. 


Then you should have in place a good antispam solution and/or a solution that will block common compromised attachments. Or switch jobs to a place that doesn't allow this kind of stuff on their site. BTW, we are hiring at my company. EXE's and stupid stuff like that don't come through, but we have a bevy of other issues that come up that aren't virus related and are user induced.

 

When I replied to BudMan's post I was thinking along the lines of how normally intelligent people at times can be as thick as two short planks.  What I was thinking about was emails I've received in the past where for instance they can't print, I look at the printer and have to point out there's no paper or the toner's empty.  Emails like that as opposed to those with malware, slightly off topic I know but my thoughts were just wandering off.

Around the whole malicious links/malware topic etc. I've never had a real problem.  Security wise I've always taken a multi-layered approach to these things.  Almost everyone runs from Terminal Server, if a malicious email got past the antispam and a URL was clicked, it would be blocked.  There is no internet access from those servers.  AppLocker blocks access to files I haven't approved.  Along with the usual anti-malware.


Hello,

 

It is simple social engineering.  The emails contain a subject and body that are enticing to the recipient.  They look genuine and sound like a file the person might receive.  It could be anything from a freight waybill to an invoice to a receipt.  All it takes is to send it to the right person in say, the accounting department, who might receive tens of legitimate emails like that a day, and off the ransomware goes, disabling the Volume Shadow Copy service, encrypting files and so forth.

 

Not every person at a company is a security expert, nor should they have to be.  For a lot of them, a computer is just another tool they use to get their job done.

 

Regards,

 

Aryeh Goretsky

 


Hello,

 

Yes, which is why the folks distributing the ransomware embed them in something else that isn't blocked, or perhaps a misleading text or a convincing image graphic with a URL to click on and download the file.

 

regards,

 

Aryeh Goretsky

 

You know Outlook blocks EXE attachments natively unless you have compromised that. You probably shouldn't compromise that.


I am not saying everyone needs to be a security expert, or examine the SMTP headers of every email for gosh sake.

 

The more interesting/enticing the email is the more it should raise flags.. And think before you freaking click..

 

I am with AStanley -- quite often I believe the users just don't give a ###### and IT will fix it.. Hey if the machine is down for a few hours I don't have to work sort of mentality..  You can only do so much to protect the user from themselves..  When the nightly news warns you about unwanted emails and attachments, etc..  You would think 2 seconds of thought would become mainstream at some point.. 

 

This quote is very true

"Think of how stupid the average person is, and realize half of them are stupider than that." - George Carlin


Some of my customers receive 250-500 emails a day that are all legit from people they know.  It's being desensitized with working hard and being tired.  And these emails are exact copies of the real thing.  An example is the Dropbox link.  It's an email from someone you know that has a link to a Dropbox share.  You click on it and it takes you to a page that looks exactly like a Dropbox login screen.  They think they are logging into the Dropbox webpage.  That's all it takes.


Hello,

 

The problem is that the emails are crafted not just to look genuine but also to be germane to the recipient's interests.  Oh you're a shipping manager?  Here's a waybill.  Oh, you're in accounting?  Here's an invoice.  And so forth.  That's the reason social engineering attacks like this are successful.

 

Regards,

 

Aryeh Goretsky

 

 


Well then your filters are not working, you should be blocking attachments of any sort that could be used in an attack from unverified - be it you encrypt known sources. And you should be using blacklisting on your email and DNS sinkholes if the email gets through to prevent access to malware/bad domains both in sending the spam/attack email, etc. and blocking of netblocks to bad countries you do not do business with, etc. Why even accept email from say the Ukraine if that person does no business with them.

Sure there are people in the org that need to be able to get email from anywhere, but sorry the person doing invoices does not need email from countries in the world that no invoices would be coming from, etc. etc. To be honest, you could whitelist that inbound to only the places invoices come from, new customers have to get whitelisted as means of starting to do business, etc. Sorry but invoices and known business email would most likely come from known IPs and sources. If it comes in odd channels then it should be HIGHLY suspect!!

It can be an uphill battle, and the war has been a long one - and the problem is the enemy has a great weapon behind our defenses - the user ;)

edit: Got a couple of invoice type emails today - yeah those look so legit.. :rolleyes:


I can see why someone would click on those without a second thought :huh:

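The attachment filtering discussed in this thread, including the point that blocked file types arrive embedded in something that isn't blocked, sketched as an added example that is not code from any poster. The blocklist, function names and the sample message (with example.com addresses) are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; a real mail gateway's list is longer.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar", ".lnk"}

def _ext(name):
    """Final extension, lower-cased, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def scan_message(raw):
    """Return (attachment name, reason) findings for one raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _ext(name) in BLOCKED_EXT:
            findings.append((name, "blocked extension"))
        # Judge archives by content, not name: a ZIP can carry any extension.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member, cannot be inspected
                    findings.append((name, "encrypted archive member"))
                elif _ext(info.filename) in BLOCKED_EXT:
                    findings.append((name, "archive contains " + info.filename))
    return findings

def build_sample():
    """Constructed message: a ZIP 'invoice' holding a double-extension file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_1234.pdf.exe", b"placeholder bytes, not a binary")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "accounts@example.org"
    msg["Subject"] = "Invoice 1234"
    msg.set_content("Please see attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_1234.zip")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the ZIP because of the file inside it, while the plain PDF passes; a filename-only filter would have let both through.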