Phishing Analysis - The Secrets of a HTML File
Mesh Blog
by Paul Rothwell
3M ago
Introduction This article provides some insight into the step-by-step process of manually reverse engineering a malicious HTML attachment and how to extract important information. We will look at the different types of reverse engineering, how, what, and why an attack was carried out, and interesting obfuscation techniques being utilized by threat actors. What is Reverse Engineering? Reverse engineering is the process of analyzing software, typically closed source, to better understand its inner workings. This is achieved by working backwards, whereby the software is disassembled piec ..read more
A Hidden Threat: How Mesh Detects QR Code Phishing “Quishing” Video Breakdown.
Mesh Blog
by Paul Rothwell
5M ago
Introduction In recent months, there has been a significant rise in QR code phishing attacks, successfully bypassing email filters and leading to compromised mailboxes. Why are QR code attacks, also known as “Quishing,” becoming more popular? They appear harmless because we use QR codes everywhere, from restaurant menus to airline tickets. However, they are an effective way to hide a malicious threat. The QR code itself can conceal a malicious link, which can appear as a standard image if not actively scanned and parsed. Given the widespread use of scanning QR codes daily by millions of people, receiving one ..read more
Twitter URL Shortening Service Being Utilized in Phishing Campaigns
Mesh Blog
by Guest User
1y ago
Introduction Impersonation of a known brand is a common tactic used in phishing emails. In this type of attack, the attacker poses as a trusted individual or organization in an attempt to gain the victim's trust. Typically, threat actors will use official images and copy the structure of legitimate emails to make the impersonation more convincing. The goal of these emails is to trick the user into clicking a link and sharing credentials. Frequently URL shortening services are used to make malicious URLs seem more trustworthy and harder to detect. In recent weeks we have noticed a trend of new ..read more
Fingerprinting & Fuzzy Hashing Explained
Mesh Blog
by Guest User
1y ago
Introduction Humans can easily tell when two things are visually similar; however, for a computer this task is not as straightforward. In recent years we have seen an uptick in new technologies, such as computer vision, that are extremely promising. Computer vision is closing the gap between human and machine at an astonishing pace; as a result, companies are leveraging its powerful capabilities for a variety of purposes. While impressive and feeling like a solution to a variety of problems, there are some limitations. Deploying at scale is very resource intensive in both monetary and physical te ..read more
Attack Stories: A Sustained & Targeted BEC Campaign On A Manufacturing Company
Mesh Blog
by Callan Price
2y ago
Reading Bakery Systems, Pennsylvania, USA What is Business Email Compromise (BEC)? Business email compromise (BEC) — also known as Email Account Compromise (EAC) — is one of the most financially damaging online crimes. These are emails that appear to come from a known or trusted source making a legitimate request. These impersonation attempts typically take the form of: a vendor or supplier requesting a payment; a high-ranking exec requesting a purchase or some kind of financial transaction; an employee requesting a change to their payroll information. BEC scams are often highly researche ..read more
3 Key advantages Mesh Offers MSPs Over Microsoft 365
Mesh Blog
by Brian Byrne
2y ago
It’s one of the most frequently asked questions we hear from MSPs - “why should I use Mesh when my clients have EOP or Microsoft Defender?” Leaving the detection benefits aside for another day, here are 3 key advantages Mesh offers MSPs over using EOP or Defender from Microsoft. 1 - Message Tracing & Response Most MSPs receive several tickets each day relating to emails - usually from users who cannot find an email or who have received a suspicious email they wish to query with you. In both scenarios, the MSP response is similar. Log in to the client’s tenancy and use the Message Trace fu ..read more
Scammers Imitate Ukrainian Government By Appealing For Donations To Help In The War Against Russia
Mesh Blog
by Brian Byrne
2y ago
Within just a couple of days of the Russian invasion of Ukraine, a number of Ukrainian nongovernmental organizations and volunteer groups successfully raised more than $5 million in cryptocurrency donations. This led to the Ukrainian government taking to Twitter to launch their own appeal to help in the fight against the Russian military. Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum and USDT. BTC - 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P ETH and USDT (ERC-20) - 0x165CD37b4C644C2921454429E7F9358d18A45e14 — Ukraine / Україна (@Ukraine) February 26, 20 ..read more
Microsoft 365 Price Increase: How MSPs Are Softening The Blow by Adding Email Security
Mesh Blog
by Brian Byrne
2y ago
In August of 2021, Microsoft announced changes to CSP and a price increase that comes into effect tomorrow, March 1st. The hike will see prices rise by a whopping 20% for monthly paying customers unless they move to an annual billing model, in a move that has angered many managed service providers. Since the announcement, MSPs have been considering how best to approach this undoubtedly frustrating conversation with their customers. Having spoken to many MSPs over the past few months, here are some of the strategies MSPs are using: 1 - The MSP Owns The Risk In some cases, the MSP is opting ..read more
How Legacy Email Security Solutions Leave Your Clients Vulnerable To Threats You’ve Already Seen
Mesh Blog
by Brian Byrne
2y ago
A user just reported receiving a phishing email to your helpdesk. How do you respond? Email security companies don’t like to talk about the fact some emails will slip through their net, but no solution is 100% accurate. If one was, every organization would be using it. So what happens when something evades detection? How can you as an MSP respond? The answer to this question is going to be similar regardless of what email security solution you currently use. Either the end-user reports the missed detection directly to the vendor (via a plugin), or you walk them through the clunky process of fo ..read more
The Log4Shell Vulnerability
Mesh Blog
by Brian Byrne
2y ago
A zero-day vulnerability involving remote code execution in Log4j 2, given the descriptor "Log4Shell" (CVE-2021-44228), was discovered on December 9th, 2021. Although it was discovered through a bug bounty program for the popular game Minecraft by Chen Zhaojun of Alibaba Cloud Security Team, its effects reach far beyond the game. This software is used by many websites and applications, mainly to perform tasks such as logging information for use by that website's developers, for debugging and other purposes. If exploited, the vulnerability allows remote code execution on vulnerable servers, gi ..read more