It has been reported that an international phishing campaign that delivers Ramnit Worm/Botnet malware targeting financial organisations in Asia has re-emerged, and could be heading for the UK. Once the fake email is opened by a member of staff, this then executes on the victim’s machine and a malicious file is installed on the corporate network without even the knowledge of the employee who opened the fake email. Unless the financial institution has acquired the software and procedures needed to contain such an attack, the consequences of installing this particular type of malware can be devastating – not only for the company concerned but also for its partners and clients. In addition to spreading to every fixed or portable device on the corporate network, the malware opens a back door on the financial institution’s central command and control server.
Anjola Adeniyi, technical account manager at Securonix discusses the re-emergence of this malware and what organisations can do to protect themselves from these types of phishing attacks.
Anjola Adeniyi, Technical Account Manager at Securonix:
“Phishing is a method of attack that we are all too familiar with – in this instance the bad actor poses as an anti-fraud endeavour run by the company, and attempts to convince users to provide sensitive information and open a malicious file that spreads malware to removable devices linked to the infected machine.
Financial institutions should employ machine learning and behavioural analytics to identify phishing attempts and anomalies on their networks relating to beaconing to command and control servers as in this case. Financial institutions leading the way in educating staff on cyber risk will gain advantages for their brand, both financially and reputational.”