** IMPORTANT INFORMATION FOR THE IS / IT AREA **
(Pls, pass the information to your teams)
Exploit Hackers Recently Disclosed Microsoft Office Bug to Backdoor PCs
A 17-year-old serious vulnerability recently disclosed in the Microsoft Office which allows hackers to install malware on targeted computers without user interaction is now being exploited to distribute backdoor malware.
First discovered by researchers at security firm Fortinet, the malware was dubbed cobalt because it uses a component of a powerful and legitimate penetration testing tool called Cobalt Strike.
Cobalt Strike is a form of software designed for Red Team Operations and Adversary Simulations to access secret channels of a system.
The Vulnerability (CVE-2017-11882) What Cobalt malware uses to offer backdoor is a memory corruption issue that allows unauthenticated remote attackers to execute malicious code on the target system when opening a malicious file and potentially take full control over it.
& #8220; This vulnerability affects all versions of the Microsoft Office and Windows operating system, although Microsoft has already released a patch update to address the issue.
Because cybercriminals are quite quick to take advantage of newly reported vulnerabilities, threat actors have begun delivering Cobalt malware using exploit. CVE-2017-11882 via spam just a few days after its release.
According to Fortinet researchers, Cobalt malware is delivered via spam emails, which masqueraded as a notification from Visa regarding changes to rules in Russia, with an attachment that includes a malicious RTF document as shown. .
The email also contains a password protected file with login credentials provided in the email to unlock it to trick victims into believing that the email came from the legitimate financial service.
& #8220; THIS IS [ALSO] TO AVOID SELF-ANALYTICAL SYSTEMS FROM EXTRACTING MALICIOUS FILES FOR SANDBOX AND DETECTION & #8221 ;, WRITE THE FORTINET JASPER MANUAL AND JOIE SALVIO RESEARCHERS.
#8220; ONCE A COPY OF THE MALICIOUS DOCUMENT IS OPENING & #8230; THERE IS POSSIBLE THAT THIS IS JUST TO DECEIVE THE USER TO THINK THE SECURITIES ARE IN PLACE, WHICH WOULD BE SOMETHING EXPECTED IN AN EMPLOYEE OF A WIDE FINANCIAL SERVICE & #8221 ;.
Once the document has been opened, the user has displayed a simple document with the words & #8220; Enable editing & #8221 ;. However, a PowerShell script runs silently in the background, which eventually downloads a Cobalt Strike client to take control of the victim's machine.
By controlling the victim's system, hackers can initiate lateral movement procedures on the network by executing a wide range of commands, the researchers said.
According to the researchers, cybercriminals are always looking for such vulnerabilities to exploit them for their malware campaigns and, due to ignoring software updates, a significant number of users out there have left their systems out of date, making them vulnerable. To such attacks.
The best way to protect your computer against the Cobalt malware attack is to download the CVE-2017-11882 vulnerability patch and update your systems immediately.
Source: https: //thehackernews.com
Want to talk to any of our cybersecurity expert? Click on here