Phishing scam impersonates Ministry of Primary Industries

29 Aug 17

Following last week’s reports that phishing emails appearing to be from Inland Revenue were making the rounds, yesterday CERT NZ released a warning of a phishing scam claiming to be from the Ministry of Primary Industries (MPI).

The email appears to come from a genuine-looking address: info@mpi.govt.nz. The email contains an attachment with keylogging malware.

The malware may exploit CVE-2012-0158, a Microsoft Office vulnerability that was first found in 2012, but many systems have still not applied patches.

Attackers are still finding their way into those unpatched systems through the Python keylogger.

A 2016 blog from security firm VMRay says that although the exploit is old, attackers are still confident there are enough unpatched versions of Microsoft Office to make further attacks worthwhile.

The attached file is a malicious Word document that downloads and installs the keylogging software on the infected machine.

CERT NZ says that if users’ Microsoft Office patching is up to date, the malware cannot launch or do any damage.

Those who are running unpatched versions of Microsoft Office and have opened the attachment may have the keylogging software on their machines. CERT NZ recommends consulting an IT specialist for further mitigation.

CERT NZ also recommends the following tips for preventing further damage:

Keylogging software is difficult to remove. The best remediation is to rebuild your machine from the last backup taken before this email was received. We recognise this is a difficult step for many users and organisations.

Alternatively, take your machine to an IT specialist to rebuild the machine.

Enable multi-factor authentication across key online and administrative accounts. In these cases, if a person has your password, enabling multi-factor authentication will prevent them from logging in.

Once you’ve removed the malware, change all the passwords used on the computer since opening the malicious attachment.

Last week, Inland Revenue reported a phishing scam that masqueraded as a tax return form. The scam attempted to trick recipients into providing their personal and credit card data.

The fake IRD email appeared to be from the Inland Revenue Department but was actually sent from the email address IRDxxxxx@s1.nzr.review.
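
The two sender patterns reported above (a trusted name in front of an unrelated address, and a message whose From address reads info@mpi.govt.nz) can both be screened at the mail gateway. The following Python is an added example, not code from CERT NZ or this article; the ird.govt.nz mapping, the gateway name mx.example.org, the reliance on a DMARC verdict in the Authentication-Results header, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: brand keyword -> domain the organisation really sends from.
BRANDS = {"primary industries": "mpi.govt.nz", "inland revenue": "ird.govt.nz"}
# Assumption: authserv-id written by our own gateway; verdicts in any other
# Authentication-Results header are sender-controlled and must be ignored.
TRUSTED_AUTHSERV = "mx.example.org"

def in_domain(domain, expected):
    return domain == expected or domain.endswith("." + expected)

def dmarc_verdict(msg):
    """DMARC result recorded by our gateway, or None if it recorded none."""
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip().lower() != TRUSTED_AUTHSERV:
            continue
        m = re.search(r"\bdmarc=(\w+)", value)
        if m:
            return m.group(1).lower()
    return None

def assess(raw):
    """Return a list of findings for one raw message (empty list = nothing flagged)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Case 1: display name claims a brand, address belongs to another domain.
    for keyword, expected in BRANDS.items():
        if keyword in display.lower() and not in_domain(domain, expected):
            findings.append(f"display name claims {expected}, sender domain is {domain}")
    # Case 2: address is in a protected domain but the message did not authenticate.
    if any(in_domain(domain, d) for d in BRANDS.values()):
        verdict = dmarc_verdict(msg)
        if verdict != "pass":
            findings.append(f"{domain} in From but dmarc={verdict}")
    return findings

# Constructed sample messages; the addresses are the two quoted in the article.
IRD_LOOKALIKE = ("From: Inland Revenue <IRDxxxxx@s1.nzr.review>\n"
                 "Authentication-Results: mx.example.org; dmarc=none\n\nbody\n")
MPI_SPOOFED = ("From: Ministry of Primary Industries <info@mpi.govt.nz>\n"
               "Authentication-Results: mx.example.org; dmarc=fail header.from=mpi.govt.nz\n\nbody\n")
MPI_AUTHENTIC = ("From: Ministry of Primary Industries <info@mpi.govt.nz>\n"
                 "Authentication-Results: mx.example.org; dmarc=pass header.from=mpi.govt.nz\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("IRD", IRD_LOOKALIKE), ("MPI spoofed", MPI_SPOOFED), ("MPI authentic", MPI_AUTHENTIC)]:
        print(name, assess(raw))
```

A display-name check alone passes the MPI-style message, which is why the second check depends on an authentication verdict recorded by the receiving gateway.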
