Over the last month, we’ve noticed an increased number of weaponised trojan documents detected by our Custodian360 agent.
Criminals have set up a large variety of fake email campaigns, spoofing email domains to imitate genuine emails, typically from financial institutions such as PayPal, HMRC, Sage, Barclays etc. They typically use language which demands the user’s attention, such as an “unpaid invoice” or “bill attached”, and have a weaponised document attached for the user to open.
Example of spoof email (screenshot taken from myonlinesecurity.co.uk)
Once opened, the threat will attempt to use exploits and vulnerabilities in Office to gain the ability to create system processes and download additional malicious payloads, all without the user’s knowledge.
Whilst newer versions of Office have additional protections and countermeasures against this type of attack, many businesses still run older versions of Office. According to a 2017 survey by Spiceworks, 68% of companies are still running instances of Office 2007, which won’t have sufficient protective measures in place against this type of threat.
Custodian360 effectively protects against this type of threat by using a document and script analysis engine to prevent their execution, including unknown zero-day campaigns.
However, end users should still be advised to be vigilant and avoid opening unknown attachments, and companies should be encouraged to move away from older versions of Office because of the vulnerabilities and increased security risk that these types of threats attempt to exploit.
Data Snapshot: The state of productivity suites in the workplace
Found on Spiceworks: https://community.spiceworks.com/software/articles/2873-data-snapshot-the-state-of-productivity-suites-in-the-workplace?utm_source=copy_paste&utm_campaign=growth
Alex James – Lead Security Analyst – Custodian360