Weaponized Microsoft Word documents, banking Trojans, slideshow plug-ins and malvertising were among the threats encountered and halted in October by the Fairfax, Va.-based cybersecurity firm Invincea, according to its latest trends report.
Invincea's October trends report identified the key advanced endpoint threats “in the wild,” meaning they spread to unsuspecting users during normal, everyday activities. The data was derived from Invincea deployments across more than two million protected endpoints.
“In October, spear-phishing attacks using weaponized Office documents were dominant,” Patrick Belcher, a director at Invincea and co-author of the report, said in the company's blog. “These are carefully crafted emails with weaponized Word and Excel documents, which used persuasive subject lines and email text, tricking users into opening malicious attachments including banking information stealing malware.”
Banking Trojans such as Dridex and Shifu, delivered via Office documents, were the top attack vectors for the month of October. The majority of observed attacks relied on just-in-time assembly of malware, as well as Object Linking and Embedding (OLE) vulnerabilities.
The volume of weaponized Office document malware deliveries far outpaced other threats from malvertising, ransomware and other crimeware Trojans combined. Invincea said it detected and stopped hundreds of these advanced attacks that involve numerous malware families and bypass all other security controls.
Invincea also discovered Shifu attacks, which installed fully functional versions of the Apache web server via infected weaponized Office documents. Observers suspected this version of Apache intercepted and interpreted SSL transactions within online banking applications to easily compromise banking credentials.
“The Shifu banking Trojan is a Frankenstein's monster of malware techniques cobbled together from prior banking Trojans,” Belcher claimed.
According to IBM, this Trojan is capable of stealing cryptocurrency and smartcard credentials, disabling legacy anti-virus tools and even patching vulnerable applications against future exploit attempts.
In another ploy, business websites that typically run slideshow plug-ins were utilized to redirect visitors to exploit kits that delivered crippling CryptoWall3 ransomware. While CryptoWall spreads by infecting websites indiscriminately, Invincea noticed regional attack trends: They targeted India through poisoned phone number directories and Saudi Arabia via a popular online news source.
Invincea also discovered that, while malvertising instances dropped overall, there were some major attacks in October that potentially affected tens of thousands of users in Germany and Poland. For example, Germany's largest Internet service provider, T-Online.de, inadvertently ran advertisements for almost a week that dropped a banking rootkit called Tinba and a click-fraud bot called Bedep.