Intelligent CIO Africa Issue 20 - Page 28

EDITOR’S QUESTION WHAT PROCEDURES SHOULD COMPANIES HAVE IN PLACE TO MINIMISE PHISHING ATTACKS? ////////////////////////////////////////////////////////////////////////////////////////////////////////// K aspersky Lab researchers have detected a new wave of financial spear-phishing emails designed to make money for cybercriminals. The emails are disguised as legitimate procurement and accounting letters and have hit at least 400 industrial organisations. The series of attacks started last autumn and targeted several hundred company PCs in industries ranging from oil and gas, to metallurgy, energy, construction and logistics. In the detected wave the criminals not only attacked industrial companies together with other organisations, they were predominantly focused on them. They sent out emails containing malicious attachments and tried to lure unsuspecting victims into giving away confidential data, which they could then use to make money. According to Kaspersky Lab’s data, this wave of emails targeted around 800 employee PCs, with the goal of stealing money and confidential data from the organisations, which can then be used in new attacks. The emails were disguised as legitimate procurement and accounting letters, containing content that corresp ۙYBٚ[HوH]XYܙ[\][ۜ[ۜY\YHY[]HوH[\YYH8$HX\Y[وH]\]\]ܝB]H]X\][Y\YBSSQSS\]YX[\HK\Y\]H]X\H\Y[H\\Y[]ܚ[Z[[H[YH][[[]YX[]\܈XX\\[HX\Y[XYۈHX[X[\˜]XY[[YYYY][X]Hٝ\B\\ܙY]H[[YۈH\]\]ܚ[Z[[[ۛX] ^[Z[B[[ٝ\H[]YB\[Y[ [[X[[X[[›\][ۜˈ\\[ܙKH]X\\H[܈Y\[^\[Z][[X[]Y X\[[\]Z\]\š[^[Y[[]][ۙ^H܂Z\[Y] [ܙ[ݙ\[]\ܚ[Z[[YYYY][ۘ[]H܈\X[]Y\X\›؝Z[[[YZ[\]܈Y܂X[[\\]][X][ۈ]H[[X[XY][B[\\H]ܚH]X\\YYY][ۘ[]وX[\K\\Y[]YX[H܈[]XۈXXX[K\[YY]\KY][ۘ[[[BYZ[\][ۈ]^[H۝و]X\ۈ[XY\[\[X[\H^][\X[]Y\[B\][\[K\[\HZ[ZZ]][\\؝Z[]HB[X[˂YX[[KZ[YX\\[X\Y]œXۙ[X[]Hو[XZ[X\]B\ܝ]Y[YY\H]\[XZ[ XܛBX]X[ܙ[\][ۜو[^\[[\Y\ؘ[K[ܙH[ L Hوܙ[\][ۜœ\ܝYYZ[H[YHو\[˜]X[ܙX\Hݙ\H\ L[۝[H HZY^H]H[YBو[\\ۘ][ۈ]X\KXZ[˜X\X\]HH[ܚ]H[\BH Y]\\۸&][^\H\N Bو\ۙ[ZYZ\[][^X]]B[[]]H]H[\ۜHH\[˜]X[ IHYZ]Y]Z\X[Y[Y[[[[HX[\\[&]ۛYXXH[YY[YH[[[\\ۘ][ۈ][\ '[XZ[ X\Y]X\Hۜ[H][˜[\\X\[[ۜ]\HYY܈ܙ[\][ۜYHX\\[Y[B]YH]\^[ۙHY[K[ۛB\X 8'HZY]\]Y\YY^X]]BٙX\وZ[YX\ '\\[ܙH[\[U؛[K]\]Z\\[ܙ[\][ۋ]YHYܝ][]\X[HZZ\]BYX\]H][ۜ[XH[[\\™[\YY\8$HH\Z]HHX\[ۂ\8$HH\[HوY[K'B˚[[Y[[˘