Latest cyber threat hijacks MS Excel

The United States formally accused cyber actors affiliated to China’s Ministry of State Security of conducting the massive Microsoft Exchange Server hack disclosed in March – © AFP/File FARSHAD USYAN

Security researchers are warning about a phishing campaign that is targeting employees in financial services using links that download a ‘weaponized’ Excel document. Researchers who have analyzed the malware at the heart of this new attack wave have noted the malicious Excel files can bypass malware-detection systems.

The files can slip past established antivirus systems because the malware contains lightweight embedded macros, which makes it dangerous for organizations that depend on detection-based security and sandboxing.

The emails being sent out claim to come from the Johns Hopkins Center bearing the title “WHO COVID-19 SITUATION REPORT”.

Weighing up this new risk for Digital Journal is Troy Gill, who is the Senior Manager of Threat Intelligence at Zix | AppRiver.

Gill begins his review by considering why the finance sector appears to be a big target and why it has some inherent vulnerabilities.

Gill notes: “The financial industry is a top target for cybercriminals who continue to find new ways to obtain the endless sensitive client and customer information organizations in this industry store.”

As to why the specific mode of attack has been rolled out, Gill speculates: “Email attackers are also increasingly using customized phishing campaigns to target users as we saw with this phishing campaign where attackers exploited company-issued information about COVID-related changes to working arrangements.”

There is a common theme to this, says Gill: “The shifting of tactics seen in this phishing campaign are representative of many different malware groups, all of whom are constantly adapting their attacks to avoid detection.”

The extent of the threat means that mechanisms are needed to counteract it. Here Gill observes: “This is why it is important to have security controls in place that are not just robust but also nimble and adaptable to these ever-evolving threats.”

Furthermore he recommends: “This attack is a great…