A new spam campaign is targeting payroll providers with a phishing scam. The emails are made to look like alerts from ADP informing the recipients that the digital certificate they use to access the service is about to expire and that they must click the provided link to update it or they’ll be blocked. If someone falls for it, they are sent to a malicious site that downloads various types of malware including a Java exploit called Java CVE2012-1723 which can give a hacker complete access to the infected system.
Now just imagine if a hacker got access to the account of your company’s payroll administrator. It would be heaven for them and a nightmare for you. Whoever is behind this campaign knows that too. It’s critical that your staff be made aware of this exploit.
ISC Diary offers the following tips to protect your company:
1. PATCH your Java JRE. CVE2012-1723 is deadly, and is widely being exploited in the wild at the moment. Even better, uninstall Java JRE completely from your computers if you can get away with it.
2. Make sure your HR and Payroll folks are treated to another round of “DONT CLICK ON THIS LINK” training. They are your first line of defense, and – given Antivirus’ ineffectiveness – usually even your ONLY line of defense.
3. If you have an outsourced payroll provider, acquaint yourself with the email logs, so that you know how REAL email coming from this provider looks like. This knowledge is priceless during an incident, and might even help you to automatically block some of the more egregious phishes.
Targeted attacks like this are becoming more and more common. Spammers and hackers are no longer interested in casting wide nets and seeing what turns up. Now they are focusing their resources on specific groups of people they believe will net them most profit. Expect malicious attacks to keep rising and make sure you’re protected!