One of the core functions of the eSentire Threat Intelligence Team is to investigate emerging threats and update or build out solutions for our services that can mitigate those threats. In one of our recent investigations, we were able to gather some intelligence from a botnet that had been sending out malicious payload links over email.
As a normal part of our investigations into threats of this nature, we have already added the payload links delivered through this attack into our AMP blacklist and have performed a retroactive scan against all monitored networks to confirm that nothing we are actively monitoring for you visited those links.
The signatures from the payload have been submitted and should be able to be detected through a scan by an updated anti-virus scanner.
As additional precautions, eSentire is recommending the following actions:
- Update your anti-virus scanner signatures on all endpoints
- If any of the accounts that are listed above belong to users that might access those email accounts from a location that we do not monitor, we advise an anti-malware scan using updated signatures be performed against those machines as soon as possible.