

Hackers are targeting companies at an alarming rate. It only takes one click to bring the services of a company to a halt. Most believe that having the best firewalls in place will mitigate this risk, but in reality their most vulnerable firewall is the human firewall. Security training and awareness must be continuous to keep up with ever-evolving threats, especially since hackers are always one day ahead of the firewalls that protect you.

A dangerous new phishing threat has appeared with the ability to evade detection by anti-virus software. This should prompt reminders to employees to be wary of clicking unfamiliar links in email from known business partners. Remember, One Click + One Person = Cyber Attack!

In recently observed attacks, PowerPoint Show files (.PPSX files) are being abused to deliver malware. Earlier this month, security researchers at Trend Micro blogged that, as part of the attack, the threat actors sent spear-phishing email masquerading as a business partner, with the malicious document attached.

The phishing email message references an order request, but no business documents are attached to it. What is attached, however, is the malicious PowerPoint Show (.PPSX file). Once the file is executed, PowerPoint initializes the script and runs the remote malicious payload via the PowerPoint Show Animations feature. This approach is a workaround to evade anti-virus detection of exploits for a known Microsoft Office vulnerability targeting Rich Text Format (RTF) files (CVE-2017-0199), which Microsoft patched in April 2017. When the vulnerability is successfully exploited, the exploit downloads a file called logo.doc, which is actually an XML file with JavaScript code.

The JavaScript code then runs a PowerShell command to download an executable tool from its command and control (C&C) server that, once executed, provides the attacker with the capability to run remote commands on the user's system. The tool allows the attacker to download and execute commands on the infected machine, log keystrokes and screen activity, and record audio and video using the system's microphone and webcam.
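For mail-gateway or helpdesk triage of PPSX attachments like the one described above, the following check lists every external target an Office Open XML package references. It is an added example, not code from this article or from Trend Micro; it assumes the remote reference is recorded as an external relationship in the package's `.rels` parts, and both the sample file and the `needs_review` rule are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
MAX_RELS_BYTES = 1 << 20  # .rels parts are tiny; anything larger is not parsed

def external_relationships(package: bytes):
    """Return (part, relationship type, target) for each external target in an OOXML file."""
    found = []
    with zipfile.ZipFile(io.BytesIO(package)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels"):
                continue
            raw = pkg.read(info) if info.file_size <= MAX_RELS_BYTES else b""
            if not raw or b"<!DOCTYPE" in raw:  # oversized, empty or DTD-bearing part
                found.append((info.filename, "unparsed", ""))
                continue
            for rel in ET.fromstring(raw).iter(REL_TAG):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((info.filename, kind, rel.get("Target", "")))
    return found

def needs_review(findings):
    """Assumed triage rule: plain hyperlinks are routine, any other external type is not."""
    return [f for f in findings if f[1] != "hyperlink"]

def build_sample_ppsx() -> bytes:
    """Constructed sample: one slide .rels part with a hyperlink and an external OLE object."""
    ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{ns}/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>'
        f'<Relationship Id="rId2" Type="{ns}/hyperlink" Target="https://example.com/" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{ns}/oleObject" Target="http://example.invalid/logo.doc" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in needs_review(external_relationships(build_sample_ppsx())):
        print(f"REVIEW {part}: external {kind} -> {target}")
```

A finding here is a reason to quarantine the attachment for analysis, not proof of malice; legitimate decks occasionally link external media.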

PRECAUTIONS:

  1. Security Training and Awareness programs should be continuously updated to include ever-evolving phishing threats. Users with access to critical data and systems should know to exercise caution when opening email and clicking on links, even if they appear to come from legitimate sources.
  2. Systems should be patched with the latest security updates; users with the updated patches are safe from these attacks.
  3. If your business has not conducted Security Training and Awareness exercises or is unable to verify the patch level of your systems, please contact the cybersecurity professionals at UHY Advisors to arrange for a brief overview of how we can help.

 

For more information on reducing the risk of your next cyber security attack, please contact your local UHY Advisors professional.