Researchers from Proofpoint discovered scam emails that are made to look like they’re coming from the Democratic National Committee (DNC). The emails utilize language from the DNC website to request recipients to volunteer, and the messages contain malicious software. The emails are coming from various senders and appear with different subject lines, but they all state they’re being sent on behalf of the DNC. Included with the email is a Word attachment. When attempting to open the attachment, users are asked to enable macros—if enabled the malware will begin its processes. Proofpoint researchers believe Emotet is the malware being used in the campaign and it looks as if over 30,000 emails have already been sent. While it may appear the threat actors involved in this instance are fans of politics, it is more likely that they are just motivated by money.
It is important for people to understand the dangers of dealing with emails from unknown senders, especially if they request action from the user. It is advised to never open attachments if the sender is unknown–especially if the attachment asks to enable macros. The combination of anti-virus software with Endpoint Detection and Response (EDR) tools can help prevent or stop intrusions. An adequate monitoring system that fits the needs of an organization is also very important, this will allow businesses to get ahead of the infection and stop it before important files are compromised. At Binary Defense, our Security Operations Task Force analysts monitor endpoints for signs of intrusions, and we alert our clients as soon as any suspicious activity is noticed.