On the night of Thursday, September 30, phishing emails carrying a virus were mass-mailed “on behalf of one of the financial regulators”, according to a message from Kaspersky Lab received by RBC. According to the company, users received an email with an attachment and the subject line: “Ref: No. (an arbitrary number was indicated here), From: FTS of Russia (Request for documents)”. The real agency has nothing to do with this mailing, Kaspersky Lab emphasizes.
If a user opens the attachment, an attacker can gain full remote access to the computer, including all the data stored on it, a company representative explained to RBC. Kaspersky Lab recorded over 11,000 attempts to open the attachment from the letter.
Igor Zalevsky, head of the Solar JSOC CERT cyber incidents investigation department at Rostelecom-Solar, confirmed that their company had also recorded this mailing. “During the day, employees of a large number of our customers received such letters,” he said. According to Zalevsky, the attackers are trying to secretly install the RMS remote management software on the victim's computer. “By itself, it is not malicious, but in the hands of attackers it can be used for absolutely any purpose: transferring funds through various payment systems, encrypting or stealing sensitive data (documents, logins, passwords),” a representative of Rostelecom-Solar points out … Denis Kuvshinov, head of the information security threat research department at Positive Technologies, says the attacks were targeted. In July of this year, a similar mailing was sent to the state bodies of Ukraine, he noted.
Phishing is one of the most common types of cyberattacks. The text of such a letter is usually meant to intimidate the recipient, warning that they must go to a website and perform certain actions to avoid negative consequences. By clicking on the link, the user is taken to an imitation of an official state website or another trustworthy portal, where they are asked to enter their account name and password, after which the attacker gains control over either bank accounts or personal information, which can subsequently be sold. According to Group-IB, the number of detected phishing attacks in 2020 increased by 118% compared to last year.
Kaspersky Lab recommends proceeding as follows if the attachment was opened anyway:
- Download and install an antivirus scanner
- Disconnect from the Internet
- Restart your computer in safe mode
- Delete all temporary files
- Run a virus scan
- Remove the virus or quarantine it
- Restart the computer
- Change all passwords
- Update your software, browser and operating system