This week researchers identified a Russian hacking group, nicknamed “Fancy Bear”, sending malicious Word documents via email. This type of attack is known as spear phishing. The Word document itself is blank and, once opened, installs malware onto the system. The malware first sends information about the user and device to the attackers; if the attackers are interested, they can remotely install software that gives them control of the device along with access to files and data.
How can I identify this attack?
Users should always exercise caution when opening unexpected or unknown emails. In this specific case, be extra diligent with any emails relating to the recent New York terror attack. Be sure to avoid files and links with these names that researchers identified as malicious:
How can I protect myself against this attack?
This attack leverages a new technique that has not yet been blocked or patched by Microsoft. Depending on your IT policies and settings, you may be able to turn off the feature that attackers are leveraging:
* If you use Microsoft Word 2016 or Microsoft Excel 2016, go to Options → Advanced, and then remove the checkmark from "Update automatic links at open". The setting is listed under the General group on the page.
* In MS Excel, you can also check "Ignore other applications that use Dynamic Data Exchange (DDE)."
Disabling these features may impact other functionality within the applications depending on your office IT systems.
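For IT staff triaging a suspicious attachment, the following added example (not part of the original advisory and not Todyl's code) lists any DDE or DDEAUTO field instructions inside a .docx file without opening it in Word. It assumes the Office Open XML (.docx) format; the function names and the two sample documents are constructed for illustration.

```python
import html
import io
import re
import zipfile

FLDCHAR_RE = re.compile(r"<w:fldChar\b[^>]*>")
INSTR_RE = re.compile(r"<w:instrText\b[^>]*>(.*?)</w:instrText>", re.S)
SIMPLE_RE = re.compile(r'<w:fldSimple\b[^>]*\bw:instr="([^"]*)"')
DDE_RE = re.compile(r"^\s*DDE(AUTO)?\b", re.I)

def field_instructions(xml):
    """Yield the instruction text of each field in one WordprocessingML part."""
    # Complex fields: instruction runs sit between fldChar markers and may be
    # split over several <w:instrText> elements, so join them per segment.
    for segment in FLDCHAR_RE.split(xml):
        text = "".join(INSTR_RE.findall(segment))
        if text.strip():
            yield html.unescape(text)
    # Simple fields carry the whole instruction in one attribute.
    for instr in SIMPLE_RE.findall(xml):
        yield html.unescape(instr)

def find_dde_fields(docx_bytes):
    """Return (part name, instruction) for every DDE or DDEAUTO field."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as docx:
        for name in docx.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                xml = docx.read(name).decode("utf-8", errors="replace")
                hits += [(name, i.strip()) for i in field_instructions(xml)
                         if DDE_RE.match(i)]
    return hits

def make_sample(body_xml):
    """Build a minimal constructed .docx-like archive in memory for the demo."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   f"<w:document {ns}><w:body>{body_xml}</w:body></w:document>")
    return buf.getvalue()

# Constructed samples: a DDEAUTO field split over two runs, and a harmless DATE field.
SUSPECT = make_sample(
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText> DDE</w:instrText></w:r>'
    '<w:r><w:instrText>AUTO excel &quot;sample.xlsx&quot; R1C1 </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>')
CLEAN = make_sample('<w:p><w:fldSimple w:instr=" DATE "/></w:p>')
```

Any hit is a reason to quarantine the file for review rather than proof of malice, since DDE fields also have legitimate uses. Fields nested inside other fields are not reassembled by this check.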
How Todyl can help
Todyl’s Guardian Cloud leverages multiple layers of defense to block these attacks before they reach your network, unlike traditional anti-virus and firewalls that are easily bypassed.
With new types of cyberattacks being invented regularly, you need a team to continuously block and respond to new threats. Todyl’s dedicated team of experts makes this possible while staying within your budgetary restrictions.