Don’t open attachments from strangers: it’s been standard anti-phishing advice long enough to become a cliché. So of course, purveyors of malware do their best to imitate someone you know.
The latest technique favored by access brokers (criminals who sell access to other criminals, including ransomware operators) is thread hijacking, according to Ars Technica’s Dan Goodin.
According to security researchers at Proofpoint, “Messages in this campaign appear to be replies to previous, benign email threads.” The access brokers infect a computer, get access to the first victim’s e-mail threads, and send phishing messages to the victim’s contacts containing copies of real conversations.
If you receive an e-mail that seems out of character, Goodin suggests contacting the person who supposedly sent it “in a separate email thread or call the person directly.” This is also standard advice, but is regularly ignored by large segments of the population.
It’s all the ransomware Bad Guys need to get inside your network and wreak their havoc.