A new Phishing threat hits Saudi Arabian Government

It seems that no organization is immune to cyber criminals, as the Saudi Arabian government has joined the list of organizations hit by cyber-espionage.

A new spear phishing attack aimed at a Saudi Arabian governmental organization has planted cyber-espionage malware on government computers via an infected Word document written in Arabic. When opened, the file not only infects the victim’s system but also sends the same phishing file to other contacts through the victim’s Outlook inbox.

The attack was found by Malwarebytes when the company’s cyber security software was activated, and the company addressed the issue on its blog. Since the situation is still evolving, Malwarebytes refrained from disclosing the agencies involved in the attack and from speculating about its origin. The company is also unaware of the motive behind the attack.

“The malware is designed to mine/steal files from the victim machine, and send them encrypted to a couple of servers,” a company spokesperson said.

This isn’t the only cyber-attack Saudi Arabia has faced in a long time, as a similar attack targeted its energy sector a few years ago.

As with almost all spear-phishing attacks, the malicious mail uses a social engineering scheme that persuades the recipient not only to open the attached Word document but also to enable the macros setting, effectively bypassing the built-in security that would have halted the attack.

FAQ

Q: What is Phishing?
A: Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as UC Berkeley technology departments or financial organizations related to the university.

Q: Why is understanding the risk of Phishing important?
A: Phishing attacks are an ongoing threat to campus and are becoming increasingly sophisticated. Successful Phishing attacks can cause financial loss for victims and put their personal information at risk.

Q: How would I know if my CalNet credentials were compromised?
A: You may not always know. Scams and malware that steal passwords are designed to be stealthy and unnoticed.

Passwords are most frequently compromised in one of three ways:
- Being tricked into giving up your credentials at a real-looking but scam website (AKA Phishing)
- Malware or other compromise of your device which installs software designed to run in the background and steal passphrases
- Re-using CalNet credentials for non-UCB websites, and the non-UCB websites are hacked and all credentials exposed

Q: Where can I learn more about avoiding Phishing scams?
A:
- Federal Trade Commission: Avoiding Scams 101
- Federal Bureau of Investigation: Common Fraud Schemes and Prevention Tips

Q: What is the university doing to strengthen authentication requirements like requiring more than just a username and password to get into applications with sensitive data?
A: The University has recently introduced "multifactor authentication" on campus. "Multifactor" or "two-factor" authentication solutions require the account-holder to provide a secondary credential during the login process, usually a device-generated token, in addition to their account passphrase.