On May 11, 2020, one of our executives received an email containing a malicious Excel 4.0 file (an Excel format from the 90s) that bypassed the Microsoft 365 security system and arrived in her inbox.
Our executive wasn’t alone. According to Microsoft Security Intelligence’s own tweets, it was “a massive campaign” that included “hundreds of unique Excel files.” These files “use highly obfuscated formulas, but all of them connect to the same URL to download the payload” and “run commands on compromised machines.”
It took Microsoft days to detect and block it, establishing May 12 as the beginning of the attack.
Thankfully, our company and our clients were protected. Our own FileWall™ solution [security supplement to Microsoft 365] detected the malware on May 11, the moment it showed up in our executive’s inbox, and blocked it.
As a company that helps organizations like the European Investment Bank, Varonis, Dominion Energy and Curtiss-Wright remain cybersecure, we’re proud to see this mission-critical tool keeping organizations operating and protecting millions of people’s safety.
A COVID-19 Themed Attack Using Old Microsoft Excel File Formats
“The emails purport to come from Johns Hopkins Center bearing ‘WHO COVID-19 SITUATION REPORT,’” explained another Microsoft tweet. Opening the Excel 4.0 files within the emails sets the malware free in your system.
This isn’t the only attack Microsoft experienced, reported ZDNet, a CBS Interactive publication. It has also seen Trickbot campaigns sending emails titled “personal coronavirus check” and “free COVID-19 test.”
Companies everywhere are being impacted alongside Microsoft. Hackers were quick to adjust their attacks to the global pandemic, leveraging the public’s fears. As early as March, the European Union Agency for Cybersecurity (ENISA) announced that it had “seen an increase in phishing attacks.”
What Happens When You Wait a Few Days to Detect Malware
Cyberattacks are part of the reality of doing business in the 21st century. No organization, of any size, is exempt from protecting itself. Hackers are getting increasingly sophisticated, and stories abound in the media about employees accidentally opening one malicious file and causing potentially irrevocable damage.
It doesn’t matter how educated or senior your employees are, or how comfortable they feel with technology. It could be an entry-level professional in her or his first job, or it could be someone in senior corporate leadership, a municipality executive or a law enforcement team member. It has happened before.
After all, we’re all human.
But just think what could happen within a few days:
An account executive opens the attachment, unaware of the malware. While the malware takes over your system and starts to cause damage (gaining access to sensitive information, compromising GDPR compliance, triggering actions that cause immediate financial loss), your AE forwards the file to his list of clients with the good intention of nurturing the relationship with them. They forward it onwards.
Suddenly, your organization is responsible for compromising data across dozens of companies, impacting tens of millions of people’s lives.
Similarly, a source your employee trusts could unintentionally send him a malicious file.
According to Security Magazine, if we don’t protect our organizations from our own humanity, we might find ourselves paying anything from $690,000 to millions of dollars.
Don’t Wait a Few Days to Discover a Security Breach. Prevent it from Happening in the First Place.
CDR (content disarm and reconstruct) technology was created for exactly that. It is the technology that detected the malware that showed up in our executive’s inbox.
CDR technology sanitizes all files before they enter your organization. It cleans them up, reconstructs them, and sends back the clean version to the team member that needs it. Some solutions, like odix, detect both known and unknown malware, and block them instantly. It all happens within seconds, so that work doesn’t get delayed.
If you’re done relying on luck, we’re offering a free consultation with one of our security experts. You can get it here. Let’s make sure you stay one step ahead of hackers.