Hackers use Mail Chimp to spread malware

The importance of having strong, unique passwords has become ever more relevant this week as the hack of a number of Mail Chimp accounts has come to light.
 
The hacks do not appear to be part of a widespread breach of Mail Chimp; rather, they are more likely the result of weak or reused passwords, or of passwords being stolen and dumped online by cyber criminals using the Vawtrak password-stealing trojan.
 
Either way, the reality is that hackers were able to hijack Mail Chimp business accounts to send out emails containing malicious links to their subscribers. The emails claim to contain an invoice requiring prompt payment; however, the attachment contains malicious code.
 
The incident shows that hackers will likely use whatever distribution channels they can in an attempt to spread their malware and turn a profit.
 
Mail Chimp released a statement saying they were aware of the fraudulent activity and had identified and disabled a small number of individual accounts sending fake invoices.
 
Nevertheless, businesses should remain vigilant as cyber criminals continue to find new ways to breach their cyber security.
 
How can you protect your business?
 
Firstly, ensure your business has an Email Security Gateway in place to block malicious emails before they enter your inboxes. 

Your business should also ensure staff are trained not to open suspicious attachments to emails they receive.
 
Additionally, your business should ensure that it uses unique and complicated passwords for all of its online accounts, and that these passwords are generated and managed by an Enterprise Password Management system, to prevent your accounts from being hacked.

Finally, it is recommended that users of Mail Chimp enable the two-step verification system to protect their accounts from hackers in the future.
 
If you have any questions about your security situation and/or the solutions we offer, we are available for an obligation-free discussion at your convenience and can be contacted on 1300 769 460.