Security firm Malwarebytes has discovered attacks targeting SMEs apparently coming from a Devon-based toiletries firm.

A new wave of targeted email attacks aimed at small and medium-sized businesses has been uncovered, purportedly stemming from a Devon-based cosmetics company.

The attacks were discovered by security firm Malwarebytes, who say that those targeted were being infected with the notorious ZeuS banking Trojan, the pernicious Cryptolocker ransomware, as well as various other threats.

The malicious spam emails contain PDF file attachments claiming to be invoices from Broad Oak Toiletries and have so far been sent to thousands of individuals and businesses.

An advisory on the company's website reads: "We are currently experiencing an unprecedented number of emails and telephone calls into the business because someone has spoofed one of our email addresses from an outside source.

"Our systems are not compromised in any way, and none of the SPAM emails are from a valid Broad Oak Toiletries email address."

Under investigation

Mark Goodden, company secretary at Broad Oak, told IBTimes UK that he believes that his firm was selected at random to be used as the bait by the attackers.

"It's definitely random," Goodden said. "The spam emails seem to be have sent out to a myriad of people, though none of which were our own customers or suppliers."

"We're a large enough company for something like this to seriously damage our reputation."

Saint Werburgh's Church, WEMBURY BAY
A picture postcard view of a typical Devon landscape Robert Pittman

Broad Oak first heard about the malicious emails three weeks ago but has experienced a surge in the number of people contacting the company with regards to the fake invoice over the last few days.

Action Fraud are currently investigating the matter and according to Goodden, the investigation has so far revealed that Broad Oak is not the only company to be used in such a way.

A spokesperson for Action Fraud told IBTimes UK that such attacks can and have originated from organisations of all sizes, including British Airways and the Royal Mail, and affect approximately one in four businesses every year.

Rare form of attack

While most malicious attachments are zipped executable files that infect a user's PC directly, the type of attachments used in the most recent attacks appear as regular documents. This allows them to sneak by any antivirus software installed on the computer.

"Using exploited documents to steal company info is a step up from typical spam emails," Chris Boyd, an analyst at Malwarebytes, told IBTimes UK. "Booby trapped files can be much harder to defend against, as they infect your computer using everyday software which staff take for granted.

"Attachments which look legitimate, and are seemingly part of daily business activities, can actually secretly be downloading bank stealing software in the background. The fact that there is a new wave of such exploits shows that cybercriminals think SMEs are a ripe target."

Any version of Adobe Reader that has not been recently updated is vulnerable to infection. When the PDF file is opened, an error message appears, which leads to the actual exploit when clicked on.

Malwarebytes has advised that businesses and individual users looking to mitigate these attacks should always make sure that their operating systems are up to date as well as all their browsers and respective plugins.