LookBack looks to shutdown US Utilities
The U.S. utilities sector is starting to see higher levels of spearphishing attacks using “LookBack” malware.
According to a security researcher, spear phishing email campaigns have been identified containing the malware initially targeting three major US utilities companies. The fraudulent emails impersonate a U.S.-based engineering licensing board, with emails originating from a threat actor-controlled domain.
The emails contain Microsoft Word attachments that use macros to install and run the LookBack malware. The malware specifically contains a remote access Trojan (RAT) module and a proxy mechanism used for command and control (C&C) communication. As soon as the attachment was opened, LookBack was initiated.
What to watch for:
Any email that contains attachments should receive hyper-vigilance and speculation. If you employ advanced email security, emails are scanned for malicious content and attachments but you shouldn’t leave that to chance.
July’s LookBack attacks on U.S. utilities have not been associated with a known actor, and no infrastructure or code overlaps were identified.
Download our infographic and learn how to identify a phishing scam when you see one.
Other Articles You Might Be Interested In:
Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...read more
Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.read more
ITonDemand was created over a decade ago to help support businesses and organizations IT services. We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do. We make your IT work for you.