The Changing Face of Cyber Attacks

April 16, 2018

Cyber Criminals are changing the way they attack organisations. A recent report published by Record Future highlights Microsoft products are gaining favour over Adobe Flash Player. In 2017 criminal exploit kits and phishing campaigns favoured the delivery of malware via Microsoft products. Last years statistics show 7 of the top 10 vulnerabilities delivered via Microsoft products. This has bucked the trend of previous years in which Adobe Flash was the prefered delivery mechanism.   

These newer exploit kits tend to rely on the download and execution of Visual Basic scripts containing Powershell commands within malicious office documents.  Internet Explorer was also targeted to deliver Malware. Although Flash player is due to be phased out by 2020, it still remains a popular way to infect machines. Older browsers often autorun flash content. If this content is infected, machines are then compromised. 

 

2018 is showing no relent by attackers in the use of Microsoft Office documents. An article in myonlinesecurity.co.uk https://goo.gl/a6pAU2 describes how variants of CVE-2017-0199 and other Common Vulnerabilities and Exposures are being deployed on a daily basis using malicious Word documents. As newer versions of Microsoft Office documents are natively compressed and should be delivered to your companies email server using encrypted protocols, catching such files before they have the ability to infect your users is critical and becoming difficult without the correct technologies being deployed.

If your organisation does not have a Next Generation Firewall (NGFW), be on the lookout for email your not expecting from banks, government agencies and emails with subjects such as Refund or Invoice. Ensure your endpoint protection solution is up to date with the latest signatures. 

If you do have an NGFW, ensure it has the ability to inspect encrypted traffic such as SMTPS, POP3S and IMAPS and the ability to decompress Microsoft office documents before any inspection takes place.   

Please reload

Our Recent Posts

U2F or Universal 2nd Factor security keys have been with us since around 2009 in their current form although some smartcard technology they use has be...

Security Key, The Way Forward?

August 23, 2018

Einstein's allegedly quoted as saying "doing the same thing repeatedly, and expecting different results is the definition of insanity,". My feeling is...

A Smarter Way Than Passwords

July 12, 2018

Your organisation's Internet connection is now a critical part of your business. It provides email for communications with customers and suppliers ali...

GDPR Solutions

April 16, 2018

1/1
Please reload

Tags

Please reload

©2019 BY ANOVANET.