Security News Job applicants being infected with Ransomware

[soccer97]

Some job applicants are having their computers infected with malware (Petya). It is done through multiple methods of exploitation including spear phishing, exploitation of Macros in Microsoft Office (see article). The applicationt gets an email containing a PDF or Excel file which exploits a vulnerability through Macros. Just think about all that PII in applications.

Please ensure that you have disabled macros, applied all updates (even in Office 365 you can manually trigger an update bu going to File > Account > Update).

I know someone (company) who got infected with a newer variety of Dharpa ransomware, of which there is no know decryptor available. An endpoint got infected, and spread to file server. They have been steadily improving their security prior to this.


This is another reason to disable attachment preview in Microsoft Outlook!

Dharpa is becoming more prevalent, be wise.


Source: SHRM

 

[Svoll]

Thanks for an interesting, but sad news.

That is wrong on so many levels. Most job seekers are unemployed and without income and getting targeted due to their eagerness to be employed. Think about this, if you are looking for a job, and a prospective employer emails you an application, most won't think twice about filling it out. I would fill it out as soon as possible, if my AV detects it, the only thing that would pop in my mind is a FP. Thanks for the wake up call! Ransomware is rising and rising quickly...

 

[ElectricSheep]

I'm currently looking for work myself, and there is so much dodgy stuff out there - I refuse to use the Official Government site because I keep getting warnings on there, so use alternative sites. But it's still a minefield out there!!

 

[soccer97]

I empathize, I really do. This also includes online applicant systems (where you search for jobs, click apply and go through the long application - not restricted to PDF's) Check out that article from SHRM. It gives you the scope of the problem. If I find anymore info, I will try to let you know.

 

[509322]

Any job application that insists that macros be enabled is a sure sign that something is not quite right.

Using a local system e-mail client is not only obsolete but also presents a security risk.

 

[soccer97]

Update: Ironically something (no attachment) appeared in my inbox within less than 8 hours after applying for a job.

I received an email, to the email address I used to sign up for the employer's (Applicant Tracking System), Within less than 8 hours after applying for a job, I get an email from a social media platform witj a subject line:"Confirm your account 'Someone else's name' ".

The person's name, real or not is in all caps.

And my PC is/was patched,and protected. I haven't opened the email yet.

I guess my best bet is to contact the social media platform-considering the news article? Opening that email even in OWA may result in a ransomware infection, though there is no attachment, but a link. Opening the message seems far less than appealing. Ironic Timing?


Time to change password for email address, do a Scan with ESET and Zemana and I guess enable 2FA for email.

Any other advice? Please?

 

[Atlas147]

Update: Ironically something (no attachment) appeared in my inbox within less than 8 hours after applying for a job.

I received an email, to the email address I used to sign up for the employer's (Applicant Tracking System), Within less than 8 hours after applying for a job, I get an email from a social media platform witj a subject line:"Confirm your account 'Someone else's name' ".

The person's name, real or not is in all caps.

And my PC is/was patched,and protected. I haven't opened the email yet.

I guess my best bet is to contact the social media platform-considering the news article? Opening that email even in OWA may result in a ransomware infection, though there is no attachment, but a link. Opening the message seems far less than appealing. Ironic Timing?


Time to change password for email address, do a Scan with ESET and Zemana and I guess enable 2FA for email.

Any other advice? Please?

Don't really think you need to do a change of password and a scan of all sorts cause the email is really harmless unless you open the attachments in it. In any case activating 2FA is good since it's another layer of protection.