Imagine finding out that someone in your office was quietly monitoring all your incoming and outgoing business communications. That person then copied every message you sent and emailed all the information to a co-conspirator outside your organization, allowing that co-conspirator to use the information to steal from or blackmail your company.
If such a scenario happened, you would surely call the police and have this person arrested. However, not only might this be happening right now, but the perpetrator could be your personal computer. According to security researchers, a new phishing technique is distributing emails with dangerous payloads, known as “malicious PDFs”, a stealthy backdoor for spying on business computers.
A New Twist on an Old Scam
In the newest variant of this attack, a hacker installs a backdoor that can attach itself and connect to a computer’s Outlook application or other email clients (you can see a map of infections here). It can copy any data that comes from an email exchange and save it in PDF format. Because Adobe PDF is a commonly accepted document type and the activity looks like just a part of your email client, it is not easily detected by commonly used data loss prevention products.
Unlike other backdoor hacks, this new variant does not need to receive communications from a remote server. According to researchers, the malware can be completely controlled via email, and the data exfiltration can look entirely legitimate. The hacker can simply send an email from any email address to activate the code, or program the virus to automatically send files back to them using your email server.
A Worldwide Phenomenon
According to reports, the exploit is the work of the Turla group, a Russian intelligence-affiliated group which was credited with a cybersecurity breach at U.S. Central Command in 2008 as well as attacks against other government and military organizations. This new exploit is designed to evade firewalls and standard cybersecurity software solutions. For this reason, organizations should diligently analyze and monitor email traffic for unusual behavior, such as the forwarding of every email to an external email address.
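One way to check mail-flow records for the forwarding pattern described above, as an added example that is not from the original article or from any security product. The log format, the example.com domain, the addresses and the thresholds are all assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's own mail domain
# Constructed sample records: timestamp, sender, recipient, attachment type
SAMPLE_LOG = """\
2024-05-01T09:00:01,partner@supplier.test,alice@example.com,none
2024-05-01T09:00:09,alice@example.com,drop@mailbox.test,pdf
2024-05-01T09:14:30,bob@example.com,alice@example.com,docx
2024-05-01T09:14:41,alice@example.com,drop@mailbox.test,pdf
2024-05-01T10:02:12,client@customer.test,alice@example.com,none
2024-05-01T10:02:20,alice@example.com,drop@mailbox.test,pdf
2024-05-01T10:05:00,client@customer.test,bob@example.com,none
2024-05-01T10:20:00,bob@example.com,client@customer.test,pdf
2024-05-01T11:00:00,partner@supplier.test,bob@example.com,none
2024-05-01T11:30:00,alice@example.com,bob@example.com,none
2024-05-01T11:45:00,bob@example.com,partner@supplier.test,none
"""

def is_internal(address):
    return address.lower().endswith("@" + INTERNAL_DOMAIN)

def find_forwarders(log_text, min_messages=3, ratio=0.8):
    """Map each suspicious internal mailbox to the external address it feeds."""
    received = Counter()            # messages delivered to each internal mailbox
    pdf_out = defaultdict(Counter)  # PDF-bearing mail per (mailbox, external address)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        _time, sender, recipient, attachment = (f.strip().lower() for f in row)
        if is_internal(recipient):
            received[recipient] += 1
        if is_internal(sender) and not is_internal(recipient) and attachment == "pdf":
            pdf_out[sender][recipient] += 1
    flagged = {}
    for mailbox, targets in pdf_out.items():
        target, count = targets.most_common(1)[0]
        # Heuristic: PDF mail to one outside address keeps pace with inbound mail.
        if count >= min_messages and count >= ratio * received[mailbox]:
            flagged[mailbox] = target
    return flagged

if __name__ == "__main__":
    for mailbox, target in find_forwarders(SAMPLE_LOG).items():
        print(f"review {mailbox}: PDF mail to {target} tracks its inbound volume")
```

A hit is a lead for review, not proof of compromise: a mailbox that legitimately sends PDF invoices to one customer will also match, so tune `min_messages` and `ratio` against your own traffic.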
The malicious PDF itself is distributed through phishing tactics — usually by spoofing emails from popular social web sites, banks, auction sites or IT administrators. However, once inside, this exploit can be difficult to identify using off-the-shelf security software. Organizations should educate their employees through security awareness training and explain how the phishing emails they may receive aren’t what they seem.
Tackling malware and protecting your network is a never-ending battle, but it can be managed. To make sure your business is completely protected, reach out to a Gordon Flesch Company representative today for a free, no-obligation consultation to determine your business security needs.