A new cyberattack doing the rounds infects computers through Microsoft Office documents. Microsoft has already responded by releasing new security tips to stop from users from falling into the trap.
The group behind this new attack is called Fancy Bear. This isn’t any old group of cybercriminals; it is reported that they were behind the Democratic National Convention (DNC) hack during the 2016 US presidential election.
The technique behind this new Fancy Bear attack is to take advantage of the Dynamic Data Exchange, or DDE technology. This allows them to execute a code that is stored in another file.
The group sent a Word document called IsisAttackInNewYork.doc (“Isis Attacks New York”). The striking title led to a number of victims opening the document and finding links leading to malware-infested pages. At this point, however, the document wouldn’t be able to download the virus, instead displaying this message:
When the user opens the document, a message appears saying that the document contains internal links that can refer to files. The document then asks for permission to use the DDE technology to connect to the servers to update. In this case “update” means install a virus.
Microsoft advises that users be very careful before clicking Accept on these types of messages. If the origin of the document is unknown or if the document is suspicious in any way, they advise ignoring the DDE request.
This is the first time a group of hackers has used Microsoft Office to infect users’ computers. Does Microsoft need to update its Office automation tools to better detect this type of scam in the future?