This advisory covers an SEC-themed spear phishing campaign targeting EDGAR filers and a critical vulnerability (KRACK) in the WPA2 encryption used by Wi-Fi networks.
SEC-Themed Phishing Campaign Targets EDGAR Filers and Others
On October 13, 2017, the U.S. Securities and Exchange Commission (SEC) announced that it had received reports of a spear phishing campaign targeting EDGAR filers as well as public and private companies. The emails claim to come from EDGAR (the SEC’s Electronic Data Gathering, Analysis, and Retrieval system) and carry malicious Microsoft® Word® attachments. The attachment itself is only the lure: if the recipient opens it and clicks through Word’s warning prompts to run the embedded content, that content downloads and runs the DNSMessenger malware, a largely fileless PowerShell backdoor that uses DNS TXT record queries and responses as its command-and-control channel, which lets it blend in with normal name resolution and bypass web proxies. A compromised workstation gives the attacker remote access to that computer and a foothold in the network.
ACA Aponix Guidance
ACA Aponix recommends taking the following precautionary steps:
- Advise your staff never to click “Enable Content” (or accept any other prompt to run embedded content) in Microsoft Word unless the document’s origin is completely trusted;
- Use Group Policy to ensure that Protected View is enabled for all users in Microsoft Word, so that email attachments open read-only with active content disabled;
- Be wary of unsolicited emails from seemingly official organizations, such as the SEC, that include attachments;
- Check links contained in emails by hovering over them before clicking;
- Consider blocking or monitoring DNS TXT record queries from workstations; DNSMessenger uses TXT records as its command channel, and ordinary workstations rarely need to issue TXT lookups themselves (SPF and DKIM lookups are made by mail servers, not desktops);
- Report any suspicious emails to the SEC's Filer Technical Support at 202-551-8900 (Option 3);
- Educate your staff on how to recognize phishing and spear phishing campaigns, for example by running macro-based phishing tests; and
- Delete suspicious emails immediately.
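The monitoring step above is easy to state and harder to operationalize. The script below is an added example, not code from the advisory: it reads a constructed resolver log (one query per line, in an assumed `<timestamp> <client_ip> <qtype> <qname>` format) and flags workstations that issue many TXT queries with long, high-entropy labels under a single domain, the traffic pattern of a RAT that tunnels data through DNS. The thresholds and the two-label approximation of the registered domain are assumptions chosen for the example; a production deployment would tune the thresholds to its own baseline and use the Public Suffix List.

```python
"""Flag workstations whose DNS TXT query pattern resembles DNS-tunnelled C2.

Added example, not from the advisory. Log format (assumed):
<timestamp> <client_ip> <qtype> <qname>, one query per line.
"""
import math
from collections import defaultdict

TXT_COUNT_THRESHOLD = 5   # TXT queries per (client, domain) before we care
ENTROPY_THRESHOLD = 3.5   # bits per character of the first label (hex ~4.0)
MIN_LABEL_LEN = 16        # encoded data rarely fits in short labels

# Constructed sample log, not real traffic. 10.0.0.21 performs a few ordinary
# TXT lookups; 10.0.0.57 emits a stream of 32-character hex labels under one
# domain, i.e. it is exfiltrating or polling for commands via DNS.
SAMPLE_LOG = """\
2017-10-13T09:00:01 10.0.0.21 TXT example.com
2017-10-13T09:00:02 10.0.0.21 TXT _dmarc.example.com
2017-10-13T09:00:03 10.0.0.21 A www.example.com
2017-10-13T09:00:04 10.0.0.21 TXT selector1._domainkey.example.com
2017-10-13T09:01:00 10.0.0.57 TXT 0123456789abcdeffedcba9876543210.c2-example.test
2017-10-13T09:01:01 10.0.0.57 TXT f0e1d2c3b4a5968778695a4b3c2d1e0f.c2-example.test
2017-10-13T09:01:02 10.0.0.57 TXT 048c159d26ae37bf048c159d26ae37bf.c2-example.test
2017-10-13T09:01:03 10.0.0.57 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.c2-example.test
2017-10-13T09:01:04 10.0.0.57 TXT 00112233445566778899aabbccddeeff.c2-example.test
2017-10-13T09:01:05 10.0.0.57 TXT fedcba98765432100123456789abcdef.c2-example.test
2017-10-13T09:01:06 10.0.0.57 A www.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for the empty string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Crude approximation: the last two labels (assumption; real tooling
    should consult the Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_line(line: str):
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return ts, client, qtype.upper(), qname.lower()


def analyze(log_text: str) -> dict:
    """Return {(client, domain): stats} for pairs crossing both thresholds."""
    stats = defaultdict(lambda: {"txt_queries": 0, "entropy_sum": 0.0, "long_labels": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != "TXT":
            continue  # only TXT queries matter for this detection
        _, client, _, qname = rec
        first_label = qname.split(".")[0]
        s = stats[(client, registered_domain(qname))]
        s["txt_queries"] += 1
        s["entropy_sum"] += shannon_entropy(first_label)
        if len(first_label) >= MIN_LABEL_LEN:
            s["long_labels"] += 1

    flagged = {}
    for key, s in stats.items():
        mean_entropy = s["entropy_sum"] / s["txt_queries"]
        if s["txt_queries"] >= TXT_COUNT_THRESHOLD and mean_entropy >= ENTROPY_THRESHOLD:
            flagged[key] = {
                "txt_queries": s["txt_queries"],
                "mean_label_entropy": round(mean_entropy, 2),
                "long_labels": s["long_labels"],
            }
    return flagged


if __name__ == "__main__":
    for (client, domain), info in analyze(SAMPLE_LOG).items():
        print(f"ALERT {client} -> {domain}: {info}")
```

Counting per (client, domain) rather than per client alone keeps a host that legitimately queries several domains from being flagged, while a beaconing implant that always talks to one registered domain stands out even at low volume; the entropy check is what separates encoded data from readable labels such as `_dmarc` or `selector1._domainkey`.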
Wi-Fi Encryption Vulnerability Discovered
A critical vulnerability in the Wi-Fi Protected Access II (WPA2) security protocol, disclosed under the name KRACK (Key Reinstallation Attacks), may expose Wi-Fi networks to attackers. The weakness lies in the 4-way handshake, the exchange that runs every time a device connects to a WPA2 network and negotiates a fresh session (encryption) key. In message 3 of that handshake the access point delivers the key material to the client, and because messages can be lost the protocol permits message 3 to be retransmitted. An attacker in radio range can capture and replay message 3, causing the client to reinstall the key it already holds and, in doing so, reset the packet number (nonce) and replay counter that the encryption depends on. Subsequent frames are then encrypted with a key and nonce that have already been used, which lets the attacker decrypt and replay traffic on that link; on Android 6.0+ and Linux clients running wpa_supplicant 2.4 or later, the reinstalled key is an all-zero key, so their traffic can be decrypted outright. KRACK does not recover the Wi-Fi password and does not by itself let the attacker join the network, but against traffic that is not separately encrypted (for example, plain HTTP) it lets them read sensitive information or inject content, including malware, into websites the victim visits.
This vulnerability has been present in the protocol design for 14 years, but the researchers who discovered it say it is difficult to determine whether it has been exploited in the wild. The weakness affects client devices running Android, Linux, iOS, macOS, and Windows, as well as access points and other equipment from MediaTek, Linksys, and other manufacturers. The CERT Coordination Center (CERT/CC) notified vendors of the issue on August 28, 2017; many had patches ready for the public disclosure on October 16, 2017, but some vendors are still working to patch affected devices.
For more information, see: https://www.krackattacks.com/
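To make the mechanism concrete, the following toy model is an added example written for this advisory; it is not code from the KRACK researchers and it deliberately ignores the real attack’s channel-based man-in-the-middle setup. It assumes an HMAC-SHA256 counter-mode keystream in place of CCMP’s AES-CTR, treats the per-frame packet number (PN) as the only nonce input, and reduces the 4-way handshake to message 3 delivering a constructed key. A `Supplicant` with `reinstall_on_replay=True` models the vulnerable behaviour (install the key on every message 3, resetting the PN); `False` models the patched behaviour (install a given key once). The attacker’s `recover_second_frame` shows why that matters: two frames under the same key and nonce share a keystream, so XORing the ciphertexts and a guessed first plaintext yields the second plaintext.

```python
"""Toy model of a KRACK message-3 replay against a WPA2 client.

Added example, not code from the advisory or the KRACK researchers.
Simplifying assumptions: HMAC-SHA256 in counter mode stands in for CCMP's
AES-CTR; the packet number (PN) is the sole nonce; message 3 simply delivers
a fixed, constructed PTK; the attacker's man-in-the-middle position is given.
"""
import hashlib
import hmac

# Constructed values: this PTK is not derived from any real handshake.
PTK = bytes.fromhex("00112233445566778899aabbccddeeff")
# Frame 1 is a predictable request the attacker can guess; frame 2 carries
# the secret the attacker wants.
PT1 = b"GET /account/balance HTTP/1.1\r\n"
PT2 = b"Cookie: session=0123456789abcdef\r\n"


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for AES-CTR. As in CCMP, the keystream is a deterministic
    function of (key, nonce): reuse the pair and you reuse the keystream."""
    out = b""
    block = 0
    while len(out) < length:
        ctr = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, ctr, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal WPA2 client state: the installed key and its transmit PN."""

    def __init__(self, reinstall_on_replay: bool):
        # True: vulnerable (installs on every message 3); False: patched.
        self.reinstall_on_replay = reinstall_on_replay
        self.ptk = None
        self.pn = 0

    def on_message3(self, ptk: bytes) -> None:
        """Message 3 delivers the key. Installing it resets the PN, which is
        exactly what a replayed message 3 exploits."""
        if self.ptk is not None and not self.reinstall_on_replay:
            return  # patched: key already installed, ignore the retransmission
        self.ptk = ptk
        self.pn = 0  # nonce and replay counter restart from zero

    def encrypt(self, plaintext: bytes):
        """Encrypt one data frame with a fresh PN (as CCMP requires)."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def run_session(reinstall_on_replay: bool):
    """Handshake, one frame, replayed message 3, second frame.
    Returns (pn1, ct1, pn2, ct2) as an eavesdropper would observe them."""
    client = Supplicant(reinstall_on_replay)
    client.on_message3(PTK)          # legitimate handshake completes
    pn1, ct1 = client.encrypt(PT1)
    client.on_message3(PTK)          # attacker replays the captured message 3
    pn2, ct2 = client.encrypt(PT2)
    return pn1, ct1, pn2, ct2


def recover_second_frame(known_pt1: bytes, ct1: bytes, ct2: bytes) -> bytes:
    """Attacker side. With a shared keystream, ct1 XOR ct2 == pt1 XOR pt2,
    so a known pt1 reveals pt2 (up to the length of the known plaintext)."""
    n = min(len(known_pt1), len(ct1), len(ct2))
    return xor(xor(ct1[:n], ct2[:n]), known_pt1[:n])


if __name__ == "__main__":
    for label, vulnerable in (("vulnerable", True), ("patched", False)):
        pn1, ct1, pn2, ct2 = run_session(vulnerable)
        guess = recover_second_frame(PT1, ct1, ct2)
        print(f"{label}: PN after replay = {pn2}, recovered = {guess!r}, "
              f"correct = {guess == PT2[:len(guess)]}")
```

Run stand-alone, the vulnerable client’s PN drops back to 1 after the replay and the cookie is recovered byte for byte; the patched client keeps counting (PN 2), the keystreams differ, and the attacker’s XOR yields noise. The real fix in supplicants is the same idea as the `reinstall_on_replay=False` branch: never install an already-installed key again, which is why the vulnerability is fixable in client software without changing the protocol.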
ACA Aponix Guidance
ACA Aponix recommends taking the following precautionary steps to reduce your exposure to this attack:
- Patch or update all Wi-Fi-capable devices as vendor fixes become available, both clients (laptops, phones, tablets, IoT devices) and access points or routers; most of the exposure is on the client side, so do not stop at the access point firmware;
- Do not use WPA-TKIP (the original version of the WPA protocol) on Wi-Fi networks; use WPA2 with AES-CCMP. KRACK affects both ciphers, but against TKIP a key reinstallation also lets the attacker forge and inject frames rather than only decrypt them;
- Use a full-tunnel virtual private network (VPN), and insist on HTTPS, when working on Wi-Fi networks so that traffic stays encrypted even if the Wi-Fi layer is broken;
- Disable 802.11r (“fast roaming”) on access points until they are patched; the fast BSS transition handshake is the variant of the attack that targets access points rather than clients; and
- For hotspot connectivity from mobile devices, tether over a USB cable rather than connecting over Wi-Fi where practical.
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.