Page 45 - Cyber Warnings
attachment of a Word document. Because this is not an .exe file, the recipient may feel a
greater sense of security and believe the attachment is fine.
The user then opens the Word document. Unbeknownst to the user, this allows the macro in the
Word document to execute. The malware is placed in the memory of the system.
The malware was also coded to check whether it had been placed in a sandbox or virtual
environment.
Targets
Palo Alto Networks noted that an estimated 1,500 emails were sent in this campaign. As
further evidence, the email was tailored to each person.
The targets have been in the US and Europe, with a smaller portion of the emails being sent to
Canada. The campaign has focused on the hospital, manufacturing, energy, and tech industries.
Prevention
Malware tends to be reused and to resurface once users and admins have
forgotten about it. This is a sample of malware to be wary of: put defenses in
place and do not remove them for convenience.
There are a number of defenses for this. They are familiar and have been seen many times
before with other instances. These common-sense approaches still work well when
implemented.
Users should not enable macros in Word documents. If the user is not certain of the
sender’s identity or is not expecting an attachment, the attachment should not be opened.
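The advice above can be backed by an automated check before an attachment reaches the user. The following is an added example, not part of the original article: a Python sketch that classifies attachment bytes by whether they can carry a macro. The function names and the in-memory sample documents are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy binary .doc/.xls files
# Content-type markers used by macro-enabled OOXML documents (.docm and similar)
MACRO_MARKERS = (b"macroEnabled", b"vnd.ms-office.vbaProject")
MAX_CT_SIZE = 1_000_000  # refuse to inflate an oversized [Content_Types].xml


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro' or 'not-office' for raw attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy formats may embed macros; without an OLE parser, send them for review.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"
        # The VBA project is stored as a binary part, normally word/vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro"
        if zf.getinfo("[Content_Types].xml").file_size > MAX_CT_SIZE:
            return "macro"  # fail closed on a suspicious archive
        content_types = zf.read("[Content_Types].xml")
        if any(marker in content_types for marker in MACRO_MARKERS):
            return "macro"
    return "no-macro"


def should_quarantine(data: bytes) -> bool:
    """Hold anything that can run a macro; the filename extension is ignored on purpose."""
    return classify_attachment(data) in ("macro", "legacy-ole")


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal OOXML-like ZIP in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, classify_attachment(blob), should_quarantine(blob))
```

The check inspects file content rather than the extension, so a macro-bearing document is still caught when it has been renamed.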
About The Author
Charles Parker, II began coding in the 1980s. Presently CP is an Information
Security Architect at a Tier One supplier to the automobile industry. CP is
presently completing the PhD (Information Assurance and Security) and is
completing the dissertation. CP’s interests include cryptography, SCADA, and
securing
Charles Parker, II can be reached online at [email protected] and
InfoSecPirate (Twitter).
Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide