Word documents can be a cybercriminal’s gateway to your PC. Shutterstock photo.
Cyber attacks increased to historic levels last year, and so far this year they show no sign of stopping. Now a new cyber threat arises from a simple Word document which, according to a Japanese cybersecurity group, would act as a gateway to steal all kinds of private data stored on a PC.
Nao_sec specialists have recently identified a zero-day vulnerability in Office, Microsoft's suite of applications and programs for computers. Previously, researcher Kevin Beaumont had named this threat Follina because the reference in the analyzed sample, 0438, coincides with the postal code of the Italian municipality of the same name.
Through a specially crafted Word file, a cyber attacker can exploit Follina to run PowerShell commands via the Microsoft Diagnostic Tool (MSDT), which sends information about the system status.
This execution of malicious code bypasses Windows Defender's detection and can occur even if macros (a series of instructions grouped into one command to perform a task automatically) have been disabled.
The Microsoft Office program package, in which the Word word processor stands out. Photo: Microsoft.
Beaumont explained on his blog that the Word document “uses the remote template function to retrieve an HTML file from a remote server, which in turn uses the ms-msdt MSProtocol URI scheme to load the code and run PowerShell.” This, as he points out, “shouldn’t be possible”.
According to the expert, the impact on the user's machine is immediate: simply opening the Word document is enough. The cyber attacker would have access to the system, with the ability to collect password hashes on Windows machines.
Cyber attacks on the rise in Argentina
During the pandemic, cybersecurity attacks against users, and to a greater extent against companies, grew exponentially in Latin America.
At the regional level, according to the Check Point Software Threat Intelligence Geographic Regions Report, an organization in Latin America was attacked (by threats in general) an average of 1,586 times a week in the past six months, compared to 1,116 attacks per organization globally.
The landscape of current cyber attacks and threats revealed an increase in ransomware attacks. In light of this, Check Point Software has reported a 14% year-over-year increase so far in 2022 globally, with 1 in 60 organizations globally affected by these types of attacks weekly. The cost of ransomware is 7 times higher than the ransom paid.
“Cyber attacks continue to grow at an alarming rate, in volume, sophistication and impact. In this age of cybercrime, the need to protect organizations from advanced attacks is more important than ever. To stay protected, companies need to use cutting-edge technology and not settle for second place. In that line, giving priority to prevention is essential to combat this growing threat,” says Alejandro Botter, Check Point’s technical manager for Latin America South.
In the case of Argentina, an organization was attacked on average 1,682 times a week in the past six months, compared to 1,137 attacks per organization globally.
LinkedIn, one of the social networks that receives the most cyber attacks. Shutterstock photo.
Over the past five years, ransomware operations have come a long way, from casual emails to targeted attacks on multimillion-dollar companies. These attacks target organizations in nearly any geographic location and within any industry.
Check Point Research (CPR) noted that threat groups around the world use Russian/Ukrainian-themed documents to spread malware and lure victims into cyber espionage.
Meanwhile, Kaspersky’s Annual Spam and Phishing Report 2021 revealed that cybercriminals have used many popular topics to defraud users through phishing campaigns.
Investments in cryptocurrencies or shares were one of those themes: in these scams, users were offered potentially great and “100% safe” opportunities. The report also revealed scams based on world premieres of films.
Social networks, as usual, were the main target of cybercriminals, since from there they can obtain user information to access personal accounts, as well as bank details. In fact, LinkedIn was the company that received the greatest number of phishing attacks during the first quarter of the year, being the target of 52% of these campaigns.
These platforms are followed in number of attacks by other industry sectors, such as retail, technology and product transportation.
In all these cases, as Check Point notes, the criminals' goal is to grab the user’s attention and get them to click on the malicious link.
One of the most common ways to do this is by sending an e-mail that appears legitimate to these users but whose content includes a fraudulent link.
The goal is to grab the user’s attention and get them to click on the malicious link. After entering the supposedly verified website, they are asked to log in with their credentials.
Cybercriminals automatically save these passwords, so that they can access user accounts on social networks as well as their personal and professional data at any time.
Source: Clarin