Jump to content

Cisco uncovers Microsoft Word spearphishing attack...


Recommended Posts


Cisco uncovers Microsoft Word spearphishing attack


Targeted rich industries like banking, oil, television and jewelry..
Tue Jul 01 2014, 13:44



CISCO HAS DISCOVERED spearphishing malware in Microsoft Word that uses an exploit targeting the software's Visual Basic Scripting for Applications feature.


Cisco's investigation into the malware identified a group of attacks by the same threat actor, with Cisco exposing the threat actor's network after it had discovered a Microsoft Word document that downloaded and executed a secondary sample, which began beaconing to a command and control server.


"While basic, the Office Macro attack vector is obviously still working quite effectively," Cisco technical lead Craig Williams said in a blog post. "When the victim opens the Word document, an On-Open macro fires, which results in downloading an executable and launching it on the victim's machine."


Williams said that this threat actor seemed to target high-profile, rich industries such as banking, oil, television and jewellery companies and victims of the attacks were duped into opening an email attachment in the form of an invoice, written specifically for the recipient.


"The message [was] a fairly simple phish email which includes a fake name and an attached Microsoft Word document. However, this was simply the outer layer of the onion so it's best, we think, to start from the beginning," Williams said.


"This particular phishing attempt was noticed in Cisco's email corpus due to the email attachment's poor block rates at most antivirus engines."


"For the duration of this campaign there is one thing that remained consistent: at best, a few antivirus engines may have generically detected the attached malware but more often than not coverage was provided by a single vendor, or no coverage was provided at all."


SOURCE:  http://www.theinquirer.net/inquirer/news/2353015/cisco-uncovers-microsoft-word-spearphishing-attack




Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.