In our world today, there is one known fact: whether we hate it or love it, Microsoft Office will be the de facto standard when it comes to word processing, spreadsheets, and presentation composition.
Despite the huge market dominance that this software package has, there are other ones out there, which are probably even better, more robust, and yes, even more secure, and FREE!!! (HINT: this will be the topic of a future blog post).
Anyways, Microsoft Word and Excel have long been the favored tools with which a Cyber attacker deploys Malware onto a victim’s computer. It usually comes in the form of a Phishing E-Mail: the recipient does not confirm the authenticity of that E-Mail, downloads the infected .XLS or .DOC attachment, and voila, minutes later, their computer is infected with who knows what.
For example, it could be a Trojan Horse that is attempting to steal all of your login credentials, it could be Keylogging software that is recording all of your keystrokes, or your computer could even become the host for a Botnet-style attack.
But, according to a news headline I came across this morning, the use of malicious .XLS and .DOC files has now been extended to Microsoft SharePoint. In case you haven’t used it, SharePoint is more of a low-level collaboration tool in which you can store documents, and other users can access them as well (assuming, of course, they have the right permissions to do so).
But it seems that the Cyber attacker is now taking a break from trying to come up with infected .XLS and .DOC files, and going straight to SharePoint. For example, they will still send you a Phishing E-Mail, but rather than including an attachment, the E-Mail will contain a malicious link (which will of course look like a legitimate SharePoint link), and ask you to click on it.
If you fall victim to this, and enter in your username and password, the Cyber attacker will then essentially gain access to all (if not most) of the documents that are stored in your SharePoint repository.
As a result, they now have a huge treasure trove of documents that they can infect (again with Malware, Trojan Horses, or other variants of Worms and Viruses), with the end result being that many more computers will now be infected.
For example, if you are working with a team, and you all have the same levels of access to your documents, and if they become infected because of the malicious SharePoint link, your team members’ computers will in turn become infected when they download those documents. And, if those documents get sent to others, those computers will become infected as well.
Really, if you think about it, it is an efficient form of Cyber-attack. One malicious SharePoint link can infect more documents, which in turn can affect many more computers and workstations.
There is also another twist to this. In conjunction with this new type of SharePoint attack, there now seems to be a new kind of Phishing E-Mail campaign that asks you to download an invoice.
It is important to keep in mind that these kinds of E-Mails are traditionally used in BEC Phishing campaigns. But these E-Mails now ask you to enter a supplied password in order to open the invoice.
If you fall for this kind of Cyber-attack, the macros which exist in either the Excel or Word documents will be activated, and infect your computer with whatever malicious payload the Cyber attacker has deployed onto the .XLS or .DOC file. But, there is a remote chance that it could even contain Ransomware, which is obviously far worse than a mere Trojan Horse.
My thoughts on all this?
First, I think the SharePoint attack should be an easier one to stop. After all, if you do get an E-Mail like this, all you have to do is hover your mouse pointer over the link, and if the address that pops up and the link shown in the E-Mail are different even in the very slightest, then you know you are being tricked into giving up your username and password.
And as usual, always check for the tell-tale signs of a Phishing E-Mail, such as typos, misspellings, odd sounding sender names, etc.
It is the second one that you need to be much more careful of. For example, when tax season starts up, I usually get an E-Mail from my accountant to download the files that she needs me to complete so that she can do our taxes. The trick here is that these documents are also password protected, with something like the last four digits of your Social Security number.
Nowadays, it is the tax accountant that is a prized target for the Cyber attacker, because of the vast amount of sensitive data they have on their clients. There is very strong potential that a Cyber attacker could send a spoofed E-Mail looking like it came from your accountant, and asking you to download files based on your Social Security number.
Be extremely careful of this, especially when tax season starts next January of 2019.
If your Social Security number is stolen by a Cyber attacker, it will more than likely be used to file a fraudulent tax return under your name in order to claim the refund that you are supposed to get. As I have written before, this kind of Identity Theft can take months, even years to resolve, given how slow the IRS is these days.
Your safest bet is that if you receive any E-Mail communications from your accountant, always contact them to make sure that they are the ones who have actually sent it. A quick phone call like that could potentially save you tons of agony down the road if you are a victim of tax fraud.