Story image

Dridex email campaign hits Australia: Patch your MS Office software now

12 Apr 17

A zero-day vulnerability is affecting all Windows versions of Microsoft Office, and that vulnerability is being exploited in an email campaign that distributes the notorious Dridex banking trojan.

Yesterday Proofpoint researchers discovered the activity, which was delivered to millions of organisations in Australia.

“We believe one of the reasons Dridex actors targeted millions of Australian recipients, across numerous organisations, with this recent Microsoft Word 0-day vulnerability because they wanted to take advantage of the small window before it was patched," explains Bryan Burns, vice president of Threat Research, Proofpoint.

"Sending it to Australian organisations early on Tuesday morning Australian time/late Tuesday U.S. time provided a longer window of possible exposure. Because of the widespread effectiveness and rapid weaponisation of this recent 0-day vulnerability, it is critical that users and organisations apply today’s Microsoft patch as soon as possible," he says.

The emails use spoofed email domains and attachments that pretend they are scanned documents to lure users into opening them.

A statement from proofpoint says that “Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from "<[device]@[recipient's domain]>". [device] may be "copier", "documents", "noreply", "no-reply", or "scanner". The subject line in all cases read "Scan Data" and included attachments named "Scan_123456.doc" or "Scan_123456.pdf", where "123456" was replaced with random digits.”

Microsoft has been quick off the mark to release a patch for the vulnerability, which also affected Office 2016.  

Researchers say the Dridex attackers have changed their methods significantly, as they previously relied on document macros in email attachments.

This time the vulnerability doesn’t require macros to be enabled - the first campaign of its kind to use the newly-disclosed Microsoft zero-day.

"Threat actors continue to demonstrate their flexibility and adaptability, rapidly taking advantage of new means of infecting users. Although attacks relying on document exploits are increasingly uncommon, they certainly remain in attackers' toolkits,” comments Sherrod DeGrippo, director of Emerging Threats for Proofpoint.

“New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit,” deGrippo says.

Proofpoint says that while social engineering and the human factor are both an important part of threat landscape, attackers will still use vulnerabilities and tools to conduct malware attacks.

Accenture 'largest Oracle Cloud integrator in A/NZ'
Accenture has bought out Oracle Software-as-a-Service provider PrimeQ, which now makes Accenture the largest Oracle Cloud systems integrator in Australia and New Zealand.
Australian businesses get serious about SD-WAN
"SD-WAN is doing to enterprise networks what virtualisation did to enterprise data centres almost a decade ago, but it's happening much faster."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.