The attack combines an old school Microsoft Word Macro malware attack with a decidedly new school approach of redirecting victims to exploits stored on Dropbox.
The attacks came in as targeted spear phish in the form of an invoice, purchase order, or receipt, written exclusively for the recipient. The attacks were aimed specifically towards high profile, money-rich industries such as banking, oil, television, and jewellery. Victims were duped into opening an email attachment in the form of an invoice, written specifically for the recipient.
Visual Basic Scripting for Applications feature in Microsoft Office used for spear phishing. The exploit is not just limited to MS doc. Attackers can do the same using any MS document supporting macro. This particular tactic is not exploiting anything in MS Doc/office. Once opened, the malicious Word attachment fired an On-Open macro, which then downloaded an executable and launched it on the victim’s machine. The threat actor used the cloud-based file-sharing service offered by Dropbox to host four separate pieces of the payload for the exploit.
Our 360° Managed Security Programme provides businesses with extremely high levels of protection for their data and systems in a proactive way by actively monitoring your systems on a remote basis. We offer a multi-layered approach to security, securing your software, hardware and internet connections including network and internet security along with firewalls.
Why not get in touch and find out how we can help secure you and your business from security threats on 0330 400 5465 or sales@csgrp.co.uk