Word document credential phishing in the corporate world

June 21, 2019

By Raphael Denser *

Phishing attacks are nothing new, especially spam emails sent in the hope of reaching perfectly naive users who will click on a malicious link or open malware disguised as an attachment.

But malicious links and attachments are just the tip of the iceberg: there are several other ways to trick users into handing over their credentials without suspecting that they are under a phishing attack.

The name phishing is a corruption of the word "fishing", and refers to how the scam works: casting bait to lure users with malicious content without their consent. But phishing attempts do not always follow the cliché. Even though it is the most common method of spreading chaos and gaining credentials, sending emails that direct users to contaminated sites is becoming increasingly obsolete now that many other possibilities exist. Over time, the scams have diversified and have even used real events to take advantage of users.

As defense technologies and methods have evolved, so have the tools that help attackers carry out their attacks on institutions and corporations.

Such tools are used in credential theft attacks, and since this is phishing, PHISHERY is the tool that best fits this model.

PHISHERY is a simple SSL-enabled HTTP server whose primary purpose is obtaining credentials through basic authentication phishing. Phishery also provides the ability to easily inject a URL, acting as a "C2" (command and control center), into a Word .docx document. Once the server is up and running, all the attacker needs to do is embed the URL on which the PHISHERY server is configured in a Word document, and the maldoc is ready to collect credentials.

Credential collection attacks use emails that contain malicious Microsoft Office documents that leverage the 'attachedTemplate' (attached template) technique to load a template from a remote server, designed specifically to fool users and even the lines of defense of Windows and of the corporation itself.

When the user tries to open the document, Microsoft Office displays an authentication dialog prompting for login credentials, as if a real authentication were required to open the document. The effectiveness of this method depends mainly on the basic authentication domain used, since often all the end user sees when opening an Office document is a request to enter credentials in order to proceed with opening it. After the user enters the credentials, the document opens normally, and the user does not even suspect having just fallen for credential-collecting phishing that exposes the entire corporation to risk.

* Raphael Denser is a consultant at Safeway Consulting.
