Researchers at McAfee warn that a current phishing campaign is delivering malware via Word documents that don’t contain any malicious code. When a user opens the document and enables content, the document downloads an Excel file, and the malicious macro is constructed from that file's contents only after both documents are on the system. This helps the macros bypass security filters.
“The malware arrives through a phishing email containing a Microsoft Word document as an attachment,” the researchers write. “When the document is opened and macros are enabled, the Word document, in turn, downloads and opens another password-protected Microsoft Excel document.
After downloading the XLS file, the Word VBA reads the cell contents from XLS and creates a new macro for the same XLS file and writes the cell contents to XLS VBA macros as functions. Once the macros are written and ready, the Word document sets the policy in the registry to Disable Excel Macro Warning and invokes the malicious macro function from the Excel file. The Excel file now downloads the Zloader payload. The Zloader payload is then executed using rundll32[dot]exe.”
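Detection logic for the chain the researchers describe, added here as an example and not taken from McAfee's report: it flags an Excel macro-security registry value being weakened by a process other than Excel, and rundll32.exe being launched by an Office application. The Sysmon-style event layout (IDs 1 and 13), the host names, and the choice of `VBAWarnings` and `AccessVBOM` as the values to watch are assumptions; the page does not name the registry value.

```python
import re
from collections import defaultdict

# Office security values governing macro warnings / programmatic VBA project access.
# Assumption: the page does not say which value the Word macro changes.
SEC_VALUE = re.compile(
    r"\\Software\\(?:Policies\\)?Microsoft\\Office\\[\d.]+\\Excel\\Security\\"
    r"(VBAWarnings|AccessVBOM)$", re.IGNORECASE)
OFFICE = {"winword.exe", "excel.exe"}

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return {host: [finding, ...]} for the two behaviours in the quoted report."""
    hits = defaultdict(list)
    for e in events:
        if e["id"] == 13:  # registry value set
            m = SEC_VALUE.search(e["target"])
            # Value set to 1 (least restrictive) by something other than Excel itself.
            if (m and e["details"].endswith("(0x00000001)")
                    and base(e["image"]) != "excel.exe"):
                hits[e["host"]].append(f"{base(e['image'])} set {m.group(1)}=1")
        elif e["id"] == 1:  # process creation
            if base(e["image"]) == "rundll32.exe" and base(e["parent"]) in OFFICE:
                hits[e["host"]].append(f"{base(e['parent'])} spawned rundll32.exe")
    return dict(hits)

def full_chain(findings):
    """Hosts that show both the registry change and the rundll32 launch."""
    return sorted(h for h, f in findings.items()
                  if any(" set " in x for x in f) and any("spawned" in x for x in f))

# Constructed sample events; hosts, paths and SIDs are made up for illustration.
OFFICE_DIR = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SEC_KEY = "HKU\\S-1-5-21-1\\Software\\Microsoft\\Office\\16.0\\Excel\\Security\\"
EVENTS = [
    {"id": 13, "host": "ws1", "image": OFFICE_DIR + "WINWORD.EXE",
     "target": SEC_KEY + "AccessVBOM", "details": "DWORD (0x00000001)"},
    {"id": 1, "host": "ws1", "image": "C:\\Windows\\System32\\rundll32.exe",
     "parent": OFFICE_DIR + "EXCEL.EXE"},
    {"id": 13, "host": "ws2", "image": OFFICE_DIR + "EXCEL.EXE",  # user changing Trust Center
     "target": SEC_KEY + "VBAWarnings", "details": "DWORD (0x00000002)"},
    {"id": 1, "host": "ws3", "image": "C:\\Windows\\System32\\rundll32.exe",
     "parent": "C:\\Windows\\explorer.exe"},  # ordinary shell-launched rundll32
]

if __name__ == "__main__":
    print(detect(EVENTS), full_chain(detect(EVENTS)))
```
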
MSPs are a prize target because they are a gateway to many – sometimes hundreds – of business networks. Threat actors also know the pandemic has placed them under pressure to continue delivering services 24/7, even though many employees are now having to work from home.
Their hope is that MSPs simply did not have the time to check security precautions as thoroughly as they would wish in the rush to avoid disruption to services.
Why Your Organization is Now at Risk from this Evolving Threat

Security professionals have worried about cyberwarfare for decades. But the attack on Sony Pictures, the SolarWinds supply chain compromise, and now the latest Microsoft Exchange zero-day exploits show that nation-state attacks are having a much bigger impact than ever before.
Don’t let the big names fool you. Today, any organization is fair game, which means your organization could be next.