ESET has warned about a cyberattack campaign that has been using email to send Portuguese and Spanish organizations fake budgets for the provision of services, which turned out to be infected files. The analyzed emails forge the sender using spoofing (forgery) techniques, “but there’s the possibility that in some cases someone managed to take control of the mail servers that the sender companies have”, ESET said.

One of the important aspects of this new campaign is that the emails are written in perfect Spanish and appear to come from legitimate, even well-known, companies, which makes the request more believable. Because the emails appear to be sent by a “legitimate company”, users are deceived into thinking they are genuine and then download the attached files in .xls, .rtf or .doc format.

The malicious attachment has a peculiarity compared to other cases. Office does not allow automatic execution of code embedded in documents, something that would let the malware activate itself just by opening a Word document. The user must manually enable the option to view that code, and for that reason criminals normally include messages that invite users to do so. That is why the malicious document instead tries to take advantage of the vulnerability CVE-2017-11882 in Microsoft Office to begin its malicious activity.

“Even in 2018, there are still people who believe that Word and Excel files do not represent a threat to their systems, even though they have been used in attacks for more than 20 years”, says Josep Albors, who is responsible for research at ESET Spain.

Users of ESET security solutions are protected against the first phase of the attack thanks to the detection of the exploit that the malicious file tries to use, a detection named Win32/Exploit.CVE-2017-11882. The company nevertheless points out that, to avoid falling for this kind of threat, it is necessary to keep the operating system and applications updated, to have security solutions, such as ESET Smart Security, that are capable of detecting threats, and to distrust any email that was not requested, even if it comes from trusted senders.

