Texas School District Employees Hit With a W-2 Phishing Scam

This week we hear how Texas school district employees were hit with a W-2 phishing scam and how Shamoon malware has reemerged in the Middle East. Read the full report to learn more and get access to the week's top malicious IP addresses.

Breach

Texas School District Employees Hit With a W-2 Phishing Scam

Employees of the Argyle Independent School District in Texas are being informed of a potential data breach that took place on January 25. An employee received a phishing email that appeared to come from the district superintendent, requesting W-2 information for all employees. The employee complied, attaching the W-2 information for all employees and emailing it back.

At this time, Argyle ISD has been in contact with numerous agencies, including the FBI, the IRS and local police departments. The IRS stated that it will monitor the tax returns of those affected to ensure no fraudulent returns are processed. For those affected by the data breach, the district is offering a free year of credit monitoring.

References: Argyle I.S.D. Employees Hit with Data Breach | Argyle School District Employees Hit with Data Breach | Texas School District Hit by W-2 Phishing Scam

Mitigation Strategies:

  • Log management could detect any suspicious user account activity
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Anti-virus would detect file infection on the local host
  • E-mail filtration would scan incoming files and hyperlinks for any malicious links or code
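As an added example that is not part of the original report, the following Python check models the e-mail filtration item above for this incident's pattern: it flags messages whose display name matches a district executive while the sender address sits outside the district's domain, whose Reply-To points to yet another domain, or which ask for W-2 data. The organisation domain, the executive name and the two sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the district's mail domain and the executives
# whose names an impersonation attempt is likely to borrow.
ORG_DOMAIN = "example-isd.org"
VIP_NAMES = {"jane superintendent"}
W2_PATTERN = re.compile(r"\bW-?2s?\b", re.IGNORECASE)

def _domain(address):  # lower-cased domain of an address, '' if it has none
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def _text_body(msg):  # join the text/plain parts of a parsed message
    if not msg.is_multipart():
        return msg.get_payload()
    return "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")

def classify(raw_message):
    """Return the reasons a message matches the W-2 scam pattern ([] if none)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    reasons = []
    # Display-name impersonation: an executive's name on an outside sender.
    if display.strip().lower() in VIP_NAMES and from_domain != ORG_DOMAIN:
        reasons.append("executive display name on an external sender domain")
    # Replies quietly redirected to a third mailbox.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    if W2_PATTERN.search(msg.get("Subject", "") + " " + _text_body(msg)):
        reasons.append("requests W-2 data")
    return reasons

# Constructed sample messages (not real mail from the incident).
PHISHING_SAMPLE = """From: Jane Superintendent <jane.superintendent@webmail-example.test>
Reply-To: payroll-request@mailbox-example.test
Subject: Urgent: W-2 copies for all employees

Please send me the W-2s for every employee as PDF today.
"""

LEGITIMATE_SAMPLE = """From: Jane Superintendent <jane.superintendent@example-isd.org>
Subject: Board meeting agenda

Attached is the agenda for Monday.
"""
```

Any non-empty result is a candidate for quarantine or an out-of-band confirmation with the named executive before payroll data leaves the organisation.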

Malware

Shamoon Malware Reemerges in Middle East

The latest Shamoon variant, which is dangerous enough to wipe all data and erase entire disks, is reported to be active in Saudi Arabia. At least 15 Saudi government offices and private companies have been hit by another wave of Shamoon 2 attacks that leave hard drives completely erased.

It first struck the Gulf, mainly the KSA, in 2012, targeting the energy sector for espionage. That attack was so severe that it infected and destroyed the data of 35,000 computers at Saudi Aramco alone. A new and updated version, dubbed Shamoon 2 or Disttrack, cropped up last year and again earlier this month, but the new attacks on Monday are more widespread than before. State media reported that the Saudi Arabian labor ministry has also been hit.

References: Disk-Nuking Malware Takes Out Saudi Arabian Gear | Cyber Threats Posed To the Middle East after the Rebirth Of Shamoon | Second Wave of Shamoon 2 Attacks Identified

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity
  • Mail filtration would scan incoming files and hyperlinks for any malicious links or code

This Week's Suspicious IP Addresses

218.65.30.43 122.194.229.5
197.243.40.110 188.118.2.26
81.183.56.217 46.109.168.179

*IP addresses provided by Recorded Future.