An increase of sophisticated phishing attacks in Sweden

Whilst sitting and working in the South African office I receive an
email from my Swedish ISP. I quickly look at it and there is something
that doesn’t add up. The email states that I need to pay my invoice, but
I never receive electronic invoices from this company.
There has been a huge increase in these kinds of phishing emails lately
but it’s the first time I have seen these emails. What makes this
campaign so interesting is that they have not just addressed the email
to me, but also included my child’s name. This is something I have never
seen before. How they got access to my child’s name is not certain; one
speculation is that they compromised a Swedish governmental agency, but
this has to be left unconfirmed.

When you click on the link, it redirects you to a website. This website
checks your country of residence to make sure that you are actually a
Swedish victim. In addition, it identifies your browser by analysing the
User-Agent string.

They check the operating system because the next step in the
campaign is to trick you into downloading a Windows executable. We are
currently investigating what the malware is doing, but from our previous
research it seems that it’s some kind of Cryptolocker.

  • Thursday, 14 Jul 2016
  • Author: David Jacoby, SecureList (Kaspersky Lab)
