– Kady Harper, Marketing Administrator at Business Outreacher, says:
Instead of faxing and sending overnight mail envelopes, most businesses today share documents online. Online document sharing is instantaneous, simple, and convenient, and it encourages real-time collaboration.
Unfortunately, cyber attackers have learned to hide exploits in everyday documents, including the documents you share in the workplace. Many network security tools for business can catch these exploits. You can also prevent malware sharing through safe document management practices. Start by learning how these exploits spread and how to keep your business safe.
Recent Document Exploits
Attackers hide exploits in a wide range of documents. They use Microsoft Word docs, Google Docs, and PDF files to spread attacks throughout organizations. Take a look at some document exploits from this past year.
Microsoft Word Zero-Day Exploit
Attackers sent altered RTF files through email that could affect computers in two different ways. First, if a recipient opened the document, the attacker could execute remote code to gain the same computer user privileges as the recipient. Second, if the altered RTF document appeared in a Microsoft Outlook preview window, the attacker could also execute the remote code.
Microsoft Word Exploit Rerouted Through Google Docs
Back in 2012, to spread the Backdoor.Makadocs Trojan, attackers sent an infected Word document to a variety of email recipients. The company’s network firewall would have blocked the infected document’s attempt to communicate with the attacker’s command-and-control (C&C) server, so the Trojan rerouted the traffic using an SSL-protected Google Docs callback.
Researchers found a similar attack this year targeting countries throughout Southeast Asia called Trojan.APT.Seinup. This time, the infected Word document, when opened, creates a duplicate of itself along with a malware dropper. The malware can register itself as a Windows service, which allows it to survive multiple reboots. The “seinup” function, which reroutes through Google Docs, allows the infected computer to communicate with the attacker’s C&C server.
Malformed PDF Files
Many document exploits involve attached Word docs that have been compressed into .ZIP files. Because many network email spam filters scan .ZIP files for malware, attackers started sending PDF files as e-mail attachments, inserting a script virus into the PDF file. In some cases, the script virus would crash a computer’s PDF reader. In other cases, recipients had no idea their computers were infected until they started receiving unusual emails. According to the emails, the recipients’ credit cards or PayPal accounts were used to make purchases and send them to unknown mailing addresses.
Document Template Exploits
Earlier this year, attackers circulated an email featuring a headline from a recent news event in which the deputy prime minister of Laos was killed in a plane crash. The email supposedly contained news clips about the crash, but the clips were actually .JPG files that, when opened, dropped a backdoor through which attackers executed commands. Attackers used a template document that they could modify depending on what they wanted from their intended target.
Keeping Documents Safe
Many companies are turning to cloud document-sharing applications, like Dropbox, Accellion, Box, or Citrix ShareFile. Although storing docs on cloud servers might make some companies nervous, it’s far safer than sending documents as email attachments. Keep these four considerations in mind when choosing a cloud document-sharing solution:
- User authentication options that you can control. Choose a service that puts user authentication administration into you company’s hands. You company should be able to wipe documents off of remote mobile devices, create passwords for individual files, and decide who can read, edit, and delete shared files and folders.
- Extensive encryption tools. In addition to encrypting your documents as they travel to and from the datacenter, your cloud document-sharing provider should encrypt the document within the datacenter. Certain tools also encrypt cached documents on employee mobile devices.
- Document monitoring capabilities. Your cloud document-sharing service should maintain records of when employees open, alter, delete, download, and upload documents.
- Subpoena protection. Talk to potential service providers about how they would respond to law enforcement subpoenas and whether you would be notified before they surrendered documents to the authorities.
To stay safe from document exploits, keep all security applications, word processing applications, and Adobe Reader up-to-date. Finally, avoid sending documents as e-mail attachments. Switch to a secure cloud document-sharing service instead.