Microsoft Issues Advisory To Office Users After Fancy Bear Attacks
Microsoft has posted a security advisory to help Office customers mitigate attacks that use an Office feature, DDE, to install malware when an Office document is opened. According to security researchers, since last month a Russia-linked hacking group named APT28 has been using DDE (Dynamic Data Exchange), an old protocol, to embed malicious code in an infected Word document. The protocol lets applications that share data send messages to each other.
The group behind these targeted attacks is also known as the Fancy Bear hacking gang. Last month, it was observed that attacks exploiting DDE could be planted via Excel spreadsheets, Word documents and Outlook, even when macros have not been enabled. DDE is used, for example, for financial data that can be automatically updated with new data from an external source.
According to a report from McAfee researchers, the hacking group has started using DDE in a Word document with the file name “IsisAttackInNewYork.docx”. The attackers used DDE to launch a PowerShell script that contacts a URL and downloads an implant named Seduploader, which automatically collects information about victims.
In the email attack scenario, an attacker could abuse the DDE protocol by sending a specially crafted file to the user and convincing the user to open it, mainly by way of an enticement in an email.
Before this, the Dynamic Data Exchange attack was already being used by cybercriminal groups. Sensepost researchers drew attention to the technique, which offered an alternative to macros for implanting malware. Sensepost reported the issue to Microsoft. However, Redmond considered it a feature and therefore did not provide a patch in the October update.
The Fancy Bear files that used DDE were created on October 27 and communicated with control server domains that were registered two days earlier.
Microsoft's advisory notes that even if an attacker persuades a user to open a document that uses DDE, the victim would also need to disable Protected Mode and click through one or more additional prompts. The advisory also points to instructions for administrators to enable the DDE feature control keys that are stored in the registry.
Microsoft strongly encourages all Office users to review the security-related feature control keys and to enable them for better protection from the Fancy Bear attacks. The advisory also includes a guide for disabling DDE from inside Office products. It notes that disabling DDE in Excel through the registry may prevent spreadsheets from automatically updating from a live feed.
Users who need such a feed have to start it manually. In the same way, Microsoft has provided instructions for disabling Dynamic Data Exchange in its other Office applications, including Publisher, Word and Outlook, along with a description of the impact of disabling DDE in each.