Look Ma, No Macros!

Successful hackers should be very proud—they’ve created yet another way to trick the masses and infiltrate the systems of countless victims.

Kaspersky Lab researchers found an undocumented and little-known feature in Microsoft Office that allows hackers to gather configuration data on targeted systems without the need to create macros. Microsoft Word, Microsoft Office for iOS and MS Office for Android include this feature—now turned vulnerability.

Kaspersky researchers found a curious document in several spear-phishing emails. The Word documents were in OLE2 (Object Linking and Embedding) format, which allows you to embed objects and links to multiple sources. Hackers are using this feature to create fields that point to external files rather than embedding them in the document.

The particular field being used is called “INCLUDEPICTURE”, and hackers are manipulating the field code to trigger GET requests to malicious URLs without the need for VBA macros, embedded Flash objects, etc. When a victim opens the file, information about the software installed on the victim’s machine is sent to the attackers.
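As an added example (not from the article or from Kaspersky), here is a small Python scanner a defender could run over incoming attachments: it reports INCLUDEPICTURE fields that point at external URLs, parsing the field codes of .docx files and byte-scanning legacy OLE2 .doc files. The sample document and URL it builds are constructed placeholders, and the OLE2 handling is a plain byte scan rather than a full parser of the WordDocument stream.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
URL_RE = re.compile(r"""https?://[^\s"']+""", re.I)

def docx_field_instructions(data):
    # Word may split one field instruction over several w:instrText runs,
    # so join the runs between the fldChar 'begin' and 'end' markers.
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    buf, inside = [], False
    for el in root.iter():
        tag = el.tag.split("}")[-1]
        if tag == "fldChar":
            kind = el.get("{%s}fldCharType" % W)
            if kind == "begin":
                buf, inside = [], True
            elif kind == "end" and inside:
                yield "".join(buf)
                inside = False
        elif tag == "instrText" and inside:
            buf.append(el.text or "")

def find_remote_includepicture(data):
    # A zip container is parsed as .docx; anything else is treated as a legacy
    # OLE2 .doc and byte-scanned for the instruction text in ASCII and UTF-16LE.
    hits = []
    if data[:2] == b"PK":
        for instr in docx_field_instructions(data):
            if "INCLUDEPICTURE" in instr.upper():
                hits += URL_RE.findall(instr)
    else:
        for enc in ("ascii", "utf-16-le"):
            for m in re.finditer(re.escape("INCLUDEPICTURE".encode(enc)), data):
                tail = data[m.end():m.end() + 1024].decode(enc, "ignore")
                hits += URL_RE.findall(tail)
    return hits

def build_sample_docx(url):
    # Constructed .docx sample (placeholder URL): the instruction is split across two runs.
    runs = ['<w:fldChar w:fldCharType="begin"/>',
            '<w:instrText xml:space="preserve"> INCLUDEPICTURE </w:instrText>',
            '<w:instrText xml:space="preserve">"%s" \\d</w:instrText>' % url,
            '<w:fldChar w:fldCharType="end"/>']
    body = '<w:document xmlns:w="%s"><w:body><w:p>%s</w:p></w:body></w:document>' % (
        W, "".join("<w:r>%s</w:r>" % r for r in runs))
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as z:
        z.writestr("word/document.xml", body)
    return buf.getvalue()
```

A hit from this scanner is a reason to quarantine the attachment and inspect the URL, not proof of malice on its own, since legitimate documents can also link pictures by URL.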

Why do hackers want to know what is installed on your PC? Because they are profiling victims for future targeted attacks. Knowing the versions of installed software allows attackers to devise exploits to penetrate those systems and steal data more efficiently. After all, cybercrime is a business and time is money!

So far, the document being used in the attack is an MS Word document containing Google Tips. I’m sure many other themes will be used, so be on your guard.

Researchers also found that if the compromised Word document is opened in LibreOffice or OpenOffice, the malicious code is not triggered.

Folks, this is a serious thing, so don’t take it lightly. If you own a business or work in one, you can be spear-phished with malware specifically created to exploit the vulnerabilities in the software you are running on your PC, putting your whole company network at risk. A specialized attack can be designed to steal data, hold it for ransom, or both!

Contrary to what many people believe, Small-to-Medium Businesses (SMBs) are being targeted by the bad guys because they know that most do not have strong cyber defenses or training programs.

Again, to keep yourself safe (there’s nothing new here):

  1. Make sure your anti-virus is up-to-date and active.
  2. Keep your Operating System and third-party applications updated and patched.
  3. Don’t open attachments or click on links in emails, especially if you do not know the sender or were not expecting an email from the sender.
  4. Do not run your PC using an administrator account for day-to-day computing.
  5. Share this newsletter and keep your employees informed on what the thieves are presently up to. Knowledge is power—so use it to your advantage.

If you do these five simple things, you’ll be safer than most people who simply ignore the warnings. In this case—what you don’t know will hurt you. Take notice and be safe.


XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions, whose systems protect 250+ Petabytes of data with over 800 employees around the globe. Call (845) 362-9675 and let’s discuss your specific needs.