A phishing campaign has been identified by researchers at Fortinet in which threat actors are distributing a new variant of the REMCOS (Remote Control System) remote access trojan (RAT). The phishing emails attempt to trick victims into opening a malicious Excel attachment disguised as an order file. Once opened, the document exploits a vulnerability that sets off an infection chain, ultimately delivering a fileless variant of REMCOS.
The REMCOS RAT is widely used in cybercriminal activity and has capabilities that allow it to maintain persistence and long-term control over compromised systems while exfiltrating sensitive information back to the threat actor. For a comprehensive overview and a list of the indicators of compromise (IOCs), visit Fortinet.
Tips for Staying Safe Against Phishing
- Be Skeptical of Unexpected Requests: Treat any unexpected emails or messages with caution, especially those asking for sensitive information or urgent actions.
- Verify the Source: Always verify the sender’s email address and look for signs of impersonation before clicking links or opening attachments.
- Use Strong Multi-Factor Authentication: Use multi-factor authentication, favoring the more secure methods such as authenticator apps or hardware tokens (MFA on its own is not a complete defense).
- Educate Yourself and Others: Participate in cybersecurity training and stay informed about the latest phishing tactics. Share this knowledge with your colleagues.
- Practice Phishing Drills: Part of every utility’s cybersecurity awareness training should include regular phishing drills for staff. CISA has free resources to assist, such as Teach Employees to Avoid Phishing.
- Not Sure, Call: If you are not sure that the source of an email is legitimate, call the supposed sender through previously established phone numbers to confirm the request’s validity.
- Fall for a Phish, Contact Your IT Department: If you realize after the fact that you fell for a phishing email, or you think you might have, call your information technology group to find out what to do.