With the workforce transitioning to a work-from-home workforce, cybersecurity attackers have begun to change their approach on how to attack users. While phishing has always been a method of attack for cybercriminals, the transition to WFH has given criminals the increased opportunity to exploit users with this method as the shield from the company has been lifted for some users as they try to work from home. Which brings us to our subject matter for the day, BlackWater malware.
What can you do to prevent this type of attack?
The first thing anyone can do when receiving an email from an outside source that seems suspicious is to have it sent to their company’s IT team to take a look at the file. In the case of the BlackWater malware attack, if the user were to expand the file before downloading it one thing the user would notice is a .exe attached to the file. This is a good indicator that the file you have been sent has malware attached to it and should be immediately reported to the correct team in your business. Often what happens with attacks like these is that Microsoft has a default viewing option for files that only shows a certain number of characters in the viewing form of a file. If there is an extension needed to view the download, make sure to check it before you download and install it on your device.
Another method for detecting a phishing email is to always check the domain name of the email. Far too often hackers might have a way to find the domain name of fellow employee’s emails through passive recon they do on a company. Once the attackers have obtained a list, they will try to mimic and create a fake email address that looks like an address you might think is from your company. In reality, it contains fake and misspelled domains that will show up as out of your company list. Also, if something feels strange or doesn’t look right, again send it to your security team. It is always better to be safe than sorry. It is never a bad idea to be over cautious with these things.
Written by Adam Voss
Adam Voss graduated from Maryville University with an emphasis on pen-testing. Currently, he works at TechGuard as a cybersecurity analyst. When he's not working on projects or expanding his knowledge in the field to get his certs, he can be found doing something that involves physical exercise or rooting for the cardinals or blues.