That Employee You Want to Hire May be a Hacker
Quick Answer
Attackers now disguise malware as inbound resumes to HR. Bleeping Computer reported a campaign using a fake job application from "Eva Richter" carrying an executable masked as a PDF that drops Ordinypt Wiper, malware that pretends to be ransomware but actually overwrites files with garbage so they cannot be decrypted even if a ransom is paid. The HR inbox is an attractive target because it routinely receives unsolicited attachments from strangers. Defenses: scan every attachment for executable content, block double extensions and disguised binaries at the gateway, train HR to open resumes only after extracting and inspecting them, and prefer applicant tracking systems with built-in file sanitization over direct email submission. Email security with attachment sandboxing catches the wiper before it lands in a recruiter's mailbox.
You have to hand it to hackers. They’re always coming up with new ways to slip some malware passed unsuspecting email recipients.
It’s not uncommon today for prospective employees to email their resume to the HR department of the hiring company in an effort to land a job. What is uncommon, or at least it was until recently, was for that resume to contain malware.
Now, according to Bleeping Computer, “A new spam campaign is underway that pretends to be a job application from ‘Eva Richter’ who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim’s files by installing the Ordinypt Wiper.”
“Ordinypt is a destructive malware commonly targeted at German people that pretends to be ransomware that encrypts your files and then demands victim’s pay a ransom to get their files back. Unfortunately, even if a user pays the ransom, the files have been overwritten with garbage and cannot be decrypted.”
This is just one more example of why companies need to invest in spam filtering and phishing protection software. It’s because hackers are clever and will never stop probing to find a human weakness to exploit. And when they do exploit it, there had better be some backup protection in place.
If you’re in need of the full suite of software protection services for your company, have a look at our email security services. It’s got all the email protection you’ll ever need including scanning attachments for executable files.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.