Watch out for Email Scams About the Olympics

There are reports that hackers are using a 2018 Winter Olympics Phishing Campaign that hides malicious attacks inside of an image! Why is this particularly dangerous? Not only does hiding the attack inside an image help it evade detection, but once it actually runs, it uses a technique that generally won't get picked up by traditional antivirus solutions. How is the Attack being Done? The attack is being delivered via phishing emails disguised as alerts from the country's National Counter-Terrorism Center, with malicious Word documents attached. Once opened, the Word doc encourages readers to enable content. DO NOT ENABLE CONTENT. The tricky aspect of this attack is that no download of the actual image is necessary: malicious code can be run from either downloaded images or images hosted on the web. That means an attacker doesn't necessarily need to download an image onto a machine in order to get the malicious code to run on that machine. What to do to protect yourself and your company • Do not to open email attachments from senders you don't know: You should be especially wary of Word documents that ask you to enable content/macros. • Do not click on any links in an email