USA Today Owner Gannett Hit by Phishing Attack

This week, the Alert Logic ActiveIntelligence team reviews a phishing attack on USA Today owner Gannett and the new OSX/Dok malware targeting Apple macOS users.

Breach

USA Today Owner Gannett Hit by Phishing Attack

Gannett, which owns more than 100 newspapers across the US, including USA Today, has been hit with an email phishing attack that potentially exposed the personal data of nearly 18,000 current and former employees. The media company said attackers may have accessed employee records containing Social Security numbers, bank account information and work history after several people in its human resources department fell for the phishing emails and their accounts were compromised.

Gannett notified federal law enforcement and informed the 18,000 employees about the attack. Current and former employees are being offered a free credit monitoring service, since their data was potentially accessible through the compromised HR accounts before those accounts were locked down.

References: Gannett Company Hit With Phishing Attack | Gannett Hit With Email Phishing Attack | Gannett Phishing Attack Affects 18k Employees

Mitigation Strategies:

  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Intrusion detection system (IDS) signatures detect intrusions and network anomalies.
  • File integrity monitoring (FIM) detects file modifications or additions on affected hosts.
  • Web filtering prevents users from reaching known-malicious websites, including the credential-harvesting pages that phishing emails link to.
  • Log management detects suspicious user account activity, such as logins from unfamiliar locations or at unusual times, on accounts whose credentials have been phished.

None of these controls stops an employee from handing over a password. Multi-factor authentication on email and HR systems limits what a phished credential is worth, and is the control that most directly addresses an incident of this kind.

Malware

New Apple-targeted OSX/Dok Malware

A new strain of malware targeting Mac users is attempting to slip past defenses through a phishing scheme and an application signed with a valid Apple developer certificate, which Apple has since revoked. The malware, called "Dok", reportedly affects all versions of macOS/OS X and is the first malware to reach Mac users at this scale through a coordinated email phishing campaign. It is being directed specifically at European Mac owners with emails claiming problems with the target's tax return; the lure carries a zip attachment containing the malicious application, which prompts the victim for an administrator password. Once installed, Dok redirects the victim's web traffic through an attacker-controlled proxy and installs a rogue root certificate, allowing it to intercept HTTPS traffic.

References: Horrible New Mac Malware Can Steal Your Passwords and Financial Info | Again, Another Reason Not to Open Unexpected or Suspicious Looking Attachments | Malware Uses Apple Developer Certificate to Infect MacOS and Spy on HTTPS Traffic

Mitigation Strategies:

  • Email filtering scans incoming attachments and hyperlinks for malicious links or code, including archive attachments that contain executables.
  • Intrusion detection system (IDS) signatures detect intrusions and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management detects suspicious user account activity.
  • Web filtering prevents users from clicking through to malicious websites.

Because Dok was signed with a valid developer certificate, Gatekeeper would not have blocked it on default settings; detection therefore has to look at what an attachment contains and does, not only at whether it is signed.
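The email-filtering control above, worked through as an added example (this is not code from the original post or from Alert Logic): the delivery technique described for Dok is a zip attachment carrying a macOS application bundle, so a mail filter can open zip attachments and look for the `.app/Contents/MacOS/` executable path and a Mach-O header, regardless of whether the binary is signed. The message, sender addresses, attachment name and bundle name below are all constructed for the demonstration.

```python
"""Flag zip email attachments that contain a macOS application bundle.

Added example; the email, addresses and archive contents are constructed.
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Mach-O magic numbers (32-bit, 64-bit and fat/universal binaries) in both
# byte orders, as the first four bytes appear on disk.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC
}


def inspect_zip(data: bytes) -> list:
    """Return the reasons a zip archive looks like it carries a macOS app bundle."""
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]
    with zf:
        for info in zf.infolist():
            name = info.filename
            # An .app bundle is a directory tree; its executable sits under Contents/MacOS/.
            if ".app/Contents/MacOS/" in name and not name.endswith("/"):
                with zf.open(info) as fh:
                    magic = fh.read(4)
                if magic in MACHO_MAGICS:
                    reasons.append(f"Mach-O executable inside app bundle: {name}")
                else:
                    reasons.append(f"app bundle executable path with unrecognised header: {name}")
            elif name.endswith(".app/Contents/Info.plist"):
                reasons.append(f"app bundle metadata: {name}")
    return reasons


def scan_message(raw: bytes) -> dict:
    """Map each attachment filename to the reasons it was flagged (empty list if clean)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not just the extension: zip archives start with "PK".
        if filename.lower().endswith(".zip") or payload[:2] == b"PK":
            findings[filename] = inspect_zip(payload)
        else:
            findings[filename] = []
    return findings


def build_sample_message(members: dict, attachment_name: str = "document.zip") -> bytes:
    """Constructed phishing lure whose zip attachment contains the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in members.items():
            zf.writestr(path, content)
    msg = EmailMessage()
    msg["From"] = "tax-office@example.invalid"   # constructed sender
    msg["To"] = "victim@example.invalid"         # constructed recipient
    msg["Subject"] = "Problem with your tax return"
    msg.set_content("Please review the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return bytes(msg)


if __name__ == "__main__":
    # A 64-bit Mach-O header followed by padding stands in for the real binary.
    fake_app = {
        "Dokument.app/Contents/Info.plist": "<plist/>",
        "Dokument.app/Contents/MacOS/Dokument": b"\xcf\xfa\xed\xfe" + b"\x00" * 60,
    }
    for name, reasons in scan_message(build_sample_message(fake_app)).items():
        print(name, "->", reasons or "clean")
```

The check keys on the bundle structure and the executable's header rather than on the code signature, which is exactly what a valid developer certificate would have let through.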

This Week's Suspicious IP Addresses

  • 61.177.172.44
  • 61.177.172.59
  • 116.31.116.46
  • 183.60.48.25
  • 138.68.76.104
  • 72.51.50.172

*IP addresses provided by Recorded Future.
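As an added example of the log-management control listed in both mitigation sections (not code from the original post or from Alert Logic), the detector below matches sshd authentication records against the watchlist above and separates brute-force noise from the event worth escalating: an accepted login from a watchlisted address. The hostname, users and log lines are constructed for the demonstration and are not real logs; the addresses come from the list on this page.

```python
"""Match sshd log lines against a watchlist of suspicious IP addresses.

Added example; SAMPLE_LOG is constructed, the watchlist is the page's IP list.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

WATCHLIST = {
    "61.177.172.44", "61.177.172.59", "116.31.116.46",
    "183.60.48.25", "138.68.76.104", "72.51.50.172",
}

# Constructed syslog-format sshd lines (host "bastion" and the users are made up).
SAMPLE_LOG = """\
May  2 03:14:07 bastion sshd[2211]: Failed password for root from 61.177.172.44 port 50112 ssh2
May  2 03:14:09 bastion sshd[2211]: Failed password for root from 61.177.172.44 port 50113 ssh2
May  2 03:14:12 bastion sshd[2215]: Failed password for invalid user admin from 183.60.48.25 port 40011 ssh2
May  2 03:15:01 bastion sshd[2218]: Accepted publickey for deploy from 10.0.4.17 port 52200 ssh2
May  2 03:15:44 bastion sshd[2220]: Accepted password for backup from 138.68.76.104 port 41022 ssh2
May  2 03:16:02 bastion sshd[2223]: Failed password for root from 203.0.113.9 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


@dataclass
class Hit:
    """Everything seen from one watchlisted address."""
    attempts: int = 0
    accepted: int = 0
    users: set = field(default_factory=set)
    first_seen: str = ""
    last_seen: str = ""


def match_watchlist(log_text: str, watchlist=WATCHLIST) -> dict:
    """Aggregate sshd events per watchlisted source IP; unparseable lines are skipped."""
    hits = defaultdict(Hit)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] not in watchlist:
            continue
        h = hits[m["ip"]]
        h.attempts += 1
        if m["result"] == "Accepted":
            h.accepted += 1
        h.users.add(m["user"])
        h.first_seen = h.first_seen or m["ts"]
        h.last_seen = m["ts"]
    return dict(hits)


def successful_logins_from_watchlist(hits: dict) -> list:
    """The addresses that actually got in; these are incidents, not just noise."""
    return sorted(ip for ip, h in hits.items() if h.accepted)


if __name__ == "__main__":
    hits = match_watchlist(SAMPLE_LOG)
    for ip, h in sorted(hits.items()):
        print(f"{ip}: {h.attempts} attempts, {h.accepted} accepted, users={sorted(h.users)}, "
              f"{h.first_seen} .. {h.last_seen}")
    print("escalate:", successful_logins_from_watchlist(hits))
```

Failed attempts from a watchlisted address confirm the list is doing its job; an accepted password from one is the line a SOC analyst needs to see first, so the two are reported separately.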