Omicron Covid-19 variant anxieties have inspired cybercriminals to create new themed phishing attacks. The latest campaign includes the deployment of Dridex malware. Dridex is banking malware distributed through phishing emails that contain malicious Word or Excel files contain macros. This new campaign was noticed when an agent was taunting security experts by utilising their identities as malware file names and email addresses, along with racist comments.
The Omicron-themed phishing emails state; “Please review the accompanying document for more information.” The Dridex banking Trojan will be installed on the victim’s device if they open the Excel document and allow macros. The document will then show a popup with the COVID-19 Funeral Assistance Helpline number in a weak effort at humour.
We all know that this particular variant is very contagious, and rapidly spreading around the world. As a result, Phishing emails regarding Omicron variant are spreading malware. It’s particularly effective when it comes as a legitimate email from HR, phishing emails regarding the Omicron variant are becoming popular and are likely quite effective at spreading malware. This is especially true if the phishing campaign pretends to be from the human resources department of a company and targets employees from the same firm.
Due to the fact that Dridex phishing attempts currently use password-protected files, businesses must train their employees to identify and avoid such attacks. As always, if you receive an unexpected email or one with unusual attachments, check with your network administrator or other co-workers to see if the email is legitimate.
What to Keep an Eye On:
Phishing emails with subject lines like “Attention Required – Information about Omicron Variant – November 30” have been sent out in relation with Omicron. The subject line of other emails began with “COVID test.”
Experts have seen hackers attach attachments to Omicron-related phishing emails in some situations. The attachments were created with the intention to create credential capture web pages.
Top Strategies to avoid Phishing :
- There are many different sorts of phishing attacks, and many of them come in the form of email attachments. Deploy email security solutions that can detect malicious attachments, URLs, and more to protect your company.
- Get employees onto Cybersecurity awareness programmes, such as Siccura Cybershield. Fun, and interactive programs like these will help your team stay up to date on recent phishing threats. It will also educate them on how to stop and report suspicious activities.
- Consider conducting phishing attack simulations within your company. Phishing attack simulations can help users better understand attacks and give security teams with information about the effectiveness of employee awareness programmes.
- Implement zero-trust policies and best – practice that rely on the principle of least privilege to restrict access to systems. This ensures that if a cybercriminal gains access to credentials, he or she will not be able to access important network data.
To stay one step ahead, keep an eye out for any Omicron related Phishing attacks. Remember, the signs and delete those emails.