A CIS Cyber Alert (see below) has been published detailing a phishing campaign that uses a weaponized PDF document to exploit a vulnerability in Adobe Reader (CVE-2013-2729). The campaign attempts to entice users to open the attached file by referring to an “Unpaid invoic” (sic).
The campaign uses the Dyre banking Trojan, which focuses on stealing banking credentials.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Do not open email attachments from unknown or untrusted sources.
- Limit user account privileges to only those required.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Keep all operating systems, applications and essential software up to date to mitigate potential exploitation by attackers.
- Ensure that systems are hardened with industry-accepted guidelines.
- Make sure all AV products are up-to-date with their signatures.
- Implement filters at your email gateway to filter out emails with the subject line “Unpaid invoic”. [Note the typo]
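
An added example, not part of the CIS alert: a gateway-side check in Python for the subject filter recommended in the last item. It decodes RFC 2047 encoded subjects before matching, which a substring match on the raw header would miss; the function names, verdict strings and sample messages are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject fragment quoted in the alert; the misspelling is intentional.
SUBJECT_RE = re.compile(r"unpaid\s+invoic", re.IGNORECASE)

def has_pdf_attachment(msg) -> bool:
    """True if any attachment is a PDF by declared type or file name."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            return True
    return False

def verdict(raw: bytes) -> str:
    """Return 'quarantine', 'flag' or 'deliver' (labels are assumptions)."""
    # policy.default unfolds the header and decodes RFC 2047 encoded-words,
    # so base64 or quoted-printable subjects are matched on their real text.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    if not SUBJECT_RE.search(subject):
        return "deliver"
    return "quarantine" if has_pdf_attachment(msg) else "flag"

def sample(raw_subject: bytes, with_pdf: bool) -> bytes:
    """Constructed test message. The Subject header is prepended as raw
    bytes so it can carry an encoded-word exactly as seen on the wire."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.org"
    m.set_content("Please see the attached file.")
    if with_pdf:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="invoice.pdf")
    return b"Subject: " + raw_subject + b"\n" + m.as_bytes()

# Constructed sample: the same subject, base64-encoded and with odd casing.
SAMPLE_ENCODED = b"=?UTF-8?B?" + base64.b64encode(b"UNPAID  invoic") + b"?="

if __name__ == "__main__":
    for subj, pdf in [(b"Unpaid invoic", True), (SAMPLE_ENCODED, True),
                      (b"Unpaid invoic", False), (b"Quarterly report", True)]:
        print(subj, pdf, "->", verdict(sample(subj, pdf)))
```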