Beware: New Russian Malware
There is a new malware in town and this one could prove to be very risky. The malware named Cannon is seen to take screenshots of infected personal computers and can record system information. With ties to the hacking group Fancy Bear, also known as Sofacy and APT28, this malicious cyberattack sends phishing emails that reference the recent Lion airplane crash. The phishing email will have an attachment to a word document that references this event and will let you know that you need to enable macros because it was created in an earlier version of Microsoft Word. Once you click to enable these macros, the malware begins to install. However, the malware will not go into effect until after you close out of the Word document in an effort to avoid detection. Cannon, once installed, is set to take screenshots every ten seconds, and gets full system information every five minutes. Cannon will then email this data to one of three known servers.
It looks like the latest round of Cannon has been used to target a government organization in Europe. Although it seems this last attack has been on government agencies, I would like to propose a few simple tips for safer practices that I believe would help against malware like Cannon.
- Be careful with suspicious emails: If you do not know where the email is from and something looks off about either the subject line or the address sending you the email, proceed with caution.
- Do not open attachments from suspicious emails: If the email seems off, there is a good chance it could be. Opening an attachment from this will let the malware have the chance to try and be installed onto your computer. I would say it would be best to be safe and not open that attachment.
- Have a cybersecurity suite built to your needs: If you are protected, there is less of a risk of being online. For example, phishing alerts are offered by certain cybersecurity companies and could help alert you if an email with cannon ever did enter your mailbox.
- Stay aware: Knowing what is going on in the cybersecurity world will make you less likely to let viruses and malware scam you because you know what to look for. From reading websites like ZDnet.com, risk could be minimized from actively understanding and knowing what's going on around us.