Cyber attacks are on the rise. It’s estimated that cyber crime damages will be in excess of $6 trillion by 2021. Cyber crime damage comes in many forms, from data destruction to intellectual property theft. There is often major financial fallout from money stolen or embezzled and from compromised personal information, which has all sorts of financial repercussions.
That’s not even taking into consideration the disruption to businesses whose hacked systems need to be patched or replaced, or the damage to your customers’ confidence in your network’s ability to maintain stability and, most importantly, safety.
One of the most common threats to your cyber security continues to be malware and ransomware. Some very nasty types of ransomware have been deployed recently, such as Ryuk, Sodinokibi, LockerGoga and many others, and they have all caused a lot of damage, both in terms of downtime and to the bottom line of the businesses and corporations that have been impacted by them. In fact, in a previous article, we outlined the five worst Malware attacks in history.
When one thinks about Malware, attacks such as Ransomware, Phishing and Business Email Compromise (BEC) often come to mind. But there is another threat vector that is gaining strong traction – Document based Malware.
What Is Document Based Malware?
A formal definition of this is as follows:
“It is malware that is hidden directly in the document itself or an embedded script downloads it from an external website,” explains Chad Lauterbach, CEO of Be Structured, an IT support company in Los Angeles.
Simply put, the malware can be anything from a malicious .EXE file to a macro that is embedded in the document itself. Once the victim downloads it onto their computer, the payload is then deployed and launched.
From there, the damage starts, whether it is destroying the files on the victim’s computer, or covertly hijacking the Personally Identifiable Information (PII) on the otherwise structured network.
The Trends In Document-Based Malware
Consider some of the latest statistics on just how Document based Malware is becoming so rampant:
Almost half (specifically 48%) of all malicious files were delivered in some document format; the most commonly infected file types were Excel (.XLS), Word (.DOC), and Adobe Acrobat Reader (.PDF).
In a recent study that was conducted by Barracuda Networks, there were more than 300,000 unique, malicious documents that were identified. This indicates that this is now becoming a prime choice for the Cyberattacker when they launch their specific threat vectors.
From the above, almost 59% of all the malicious documents were detected in just the first quarter of 2019 alone. This is an 18% growth rate from the same time period in 2018.
Of these, there were more than 47,000 infected PDF files, and close to 51,000 infected Microsoft Office files. These have become even more difficult for anti-malware and anti-spyware software applications, and other security mechanisms, to detect.
In the financial sector, the most commonly used Document Malware downloader is known as “Emotet”, along with its variant, “Trickbot”. Both of these make use of Email distribution lists that are available from the Dark Web and utilize the PowerShell tool (an object-oriented scripting language) in order to deploy the malicious documents to the unsuspecting end user.
Once the victim has downloaded the infected file, the Malware in the document is either installed automatically, or installed after the victim is tricked into enabling the macro functionality. Macros are disabled by default in Microsoft Office and have to be enabled by the end user.
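The document formats listed above can be checked for active content before anyone opens them. The following is an added example, not code from the original article: a standard-library Python triage function that flags embedded VBA macro projects in Office files and script or auto-run actions in PDFs. The function names, indicator labels and sample inputs are constructed for illustration.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
PDF_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")


def triage(data: bytes) -> list:
    """Return static indicators of active content in an Office or PDF file."""
    hits = []
    if data.startswith(b"PK"):  # OOXML (.docx/.docm/.xlsx/.xlsm) is a ZIP
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for name in z.namelist():
                    if name.lower().endswith("vbaproject.bin"):
                        hits.append("vba-macro:" + name)
                    elif name.endswith(".rels") and b'TargetMode="External"' in z.read(name):
                        # Also matches ordinary hyperlinks: review, don't block.
                        hits.append("external-relationship:" + name)
        except zipfile.BadZipFile:
            hits.append("malformed-zip")
    elif data.startswith(OLE_MAGIC):
        # OLE directory entry names are UTF-16LE; a VBA project has a
        # stream named _VBA_PROJECT (heuristic, not a full OLE parse).
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            hits.append("vba-macro:ole")
    elif b"%PDF-" in data[:1024]:
        # Names hidden in compressed object streams or written with #xx
        # escapes are missed by this plain byte scan.
        for tok in PDF_NAMES:
            if re.search(re.escape(tok) + rb"(?![A-Za-z])", data):
                hits.append("pdf:" + tok.decode())
    return hits


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


# Constructed sample: PDF catalog that runs a JavaScript action on open.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n")
```

A hit means the file carries content that can execute or fetch something, not that it is malicious; a mail gateway or helpdesk script would use the result to quarantine or route the attachment for closer inspection.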
The most common types of Malware that are used to infect documents include the following:
- Trojan Horses
It’s often hard to identify a malware issue with an in-house IT department that doesn’t spend the majority of its time studying the varying types and tactical twists of the ever-evolving viruses.
That’s why in these challenging technological times, outsourcing technical support has become the preferred method of providing network support services. Those on the outside looking in are more likely to attend ongoing master classes in the latest attacking trends. The offsite IT company can then make recommendations on how to best prevent a malware attack before it happens rather than react to the issue after the fact.