Microsoft Issues Advisory To Office Users After Fancy Bear Attacks
Microsoft has posted a security advisory to help Office customers minimize attacks that use an Office feature, DDE, to install malware when an Office document is opened. According to security researchers, since last month a Russia-linked hacking group named APT28 has been using DDE, or Dynamic Data Exchange, an old protocol, to embed malicious code in an infected Word document. This protocol enables messages to be sent between applications that share data.
The group linked to these targeted attacks is sometimes known as the Fancy Bear hacking gang. Last month, it was observed that attacks exploiting DDE could be planted via Excel spreadsheets, Word documents and Outlook, even when macros have not been enabled. For example, DDE allows financial data to be updated automatically with new data from an external source.
According to a report by McAfee researchers, the hacking group has started using DDE in a Word document with the file name “IsisAttackInNewYork.docx”. The hackers used DDE to launch a PowerShell script that contacts a URL and downloads an implant named Seduploader, which automatically collects information about victims.
In the email attack scenario, an attacker could leverage the DDE protocol by sending a specially crafted file to the user and convincing the user to open it, typically by way of an enticement in an email.
Before this, the Dynamic Data Exchange attack was already being used by cybercriminal groups. Sensepost researchers drew attention to the technique, which offered an alternative to macros for implanting malware. Sensepost reported the issue to Microsoft. However, Redmond considered it a feature and therefore did not provide a patch in the October update.
The Fancy Bear files that made use of DDE were created on October 27 and shared with control server domains that were registered two days before.
Microsoft's advisory notes that if an attacker convinces a user to open a document that makes use of DDE, the victim also needs to disable Protected Mode and click through one or more additional prompts. The advisory also points to instructions for administrators to enable DDE feature control keys that are stored in the registry.
The tech giant strongly encourages all Office users to review the security-related feature control keys and to enable them for better protection from the Fancy Bear attacks. The advisory also includes a guide for disabling DDE from inside Office products. It notes that if DDE is disabled in Excel through the registry, spreadsheets may be prevented from automatically updating from a live feed.
If users need the updates, they have to start the feed manually. In the same way, Microsoft has provided instructions for disabling Dynamic Data Exchange in its Office.com/Setup Office applications, including Publisher, Word and Outlook, along with a description of the impact of disabling DDE.