This first one being labelled BazaLoader, after the group BazaCall who is behind this malware attack, is a phishing email that is designed to trick you into interacting with emails claiming copyright infringement. There is also a second wave of phishing attacks pretending to come from a trusted source, inviting you to interact with the email. These two phishing attacks are successful in bypassing standard email cybersecurity as there are no links or attachments. These phishing emails ask for you to call the help center in which a customer service representative will direct you to a malicious website. From there you end up installing the malware.
Windows Print Spooler
The second Microsoft alert takes us back to our old friend, Windows Print Spooler. In a previous Security Byte, we discussed a known Windows print spooler vulnerability that Microsoft was patching. Unfortunately a new vulnerability has been identified in the print spooler. Microsoft released an out of band update to patch this new vulnerability.
Training and Awareness
With phishing emails that can sneak passed your email security solutions, it is critical to regularly train and educate your employees about phishing emails. One of the best ways to do this is by providing examples of what phishing emails look like. Consider showing a phishing email during a routine meeting. Make time to talk about them.
Updating your devices
With these two new malware attacks, this is a reminder to continuously update the software on your devices. We have recently written on the importance of this in a previous Security Byte. The below statement comes from that Security Byte.
“Software/application updates: These are updates to the software installed on your device or the applications or apps installed on your devices. These can include updates for your cybersecurity solutions, business tool solutions, and operating systems, along with your social media apps, banking apps, and business tool apps.”
Updating our devices may seem like a hassle and updates happen at the most inconvenient times known to all, but they play an absolute critical role in securing our business data. Cyber criminals are always searching for vulnerabilities and updates help patch those once known. They are one of the best ways to cybersecurity your small business.
For more information on cybersecurity for small business, check out Small Business, Big Threat!