Last week news emerged of a new phishing email doing the rounds, unlike others that try and get you to click a hyperlink, this one asks you to download a PowerPoint file.
The file exploits a known Microsoft vulnerability and allows hackers to use PowerPoint as an attack vector that can bypass antivirus detection.
This particular attack starts with a phishing email claiming to be from a cable manufacturing company and uses a spoofed email address to look legitimate.
When downloaded, the attachment opens a PowerPoint file and displays the text ‘CVE-2017-8570’ which is a reference to a previous Office vulnerability. In the background it runs malicious code through the PowerPoint animations feature which then downloads a file logo document. This is the tricky bit, once downloaded the logo.doc runs code and executes a file called RATMAN.EXE which is a remote access tool, meaning hackers have complete access to your computer.
Once this code is installed on your computer, hackers have access to keylogging, screenlogging, webcam and microphones and the ability to download and run any other software they see fit. It gives hackers almost complete control over the computer without the owner being aware.
We don’t have to go into detail about what a hacker could potentially do with this information, suffice to say; it’s a lot.
The good news is that there is a patch available and Microsoft released it back in April, so if you or your IT provider, kept up to date with patches you should be fine. That’s not to say that you shouldn’t always be on the lookout for phishing emails.
If you suspect that an email you received is a phishing scam but you aren’t sure, contact the organisation. Make sure you independently search for their contact info, and don’t use the details provided in the email.
You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.