OneNote Documents, Phishing & Cloud Computing Vulnerabilities

Cloud computing and virtual storage can provide significant advantages to many different types of business models. However, it is essential to understand and plan for certain cloud computing vulnerabilities and create solutions designed to protect your sensitive data from unauthorized access. Malware and viruses are the tools of cyber criminals who seek to wreak havoc, cause damage, and steal data from businesses. Network security is an important part of any business strategy. However, a new phishing campaign has brought a whole new twist to targeted malware attacks, using Microsoft OneNote documents to infect computers across North America and in the UK.

Cyber Criminals and Microsoft Products

With Microsoft Office being one of the most widely-used products around the globe, cyber criminals attack it frequently, hoping to infect as many computers and systems as possible. It seems as though every time the software giant makes one big step forward, the hackers find another way in to exploit and abuse their products and infect computers with malware. Abuse of macros on files being downloaded over the internet, XLL file exploits in Excel, and now infected OneNote documents shared over cloud networks are just some of the ways that cyber criminals have been keeping themselves busy in recent weeks.

The phishing campaign that targets OneNote documents was exposed in a recent study, showing targeted malware attacks that impersonate emails coming from a well-known company. Consumer invoices for utilities in Canada with attached OneNote files using the .one file extension were directed at users in Canada, the UK and the US. The payloads were downloaded from a digital service provider in India and a Catholic Church in Canada, both compromised by the attackers and used for hosting the malware files. For the attackers, there are many benefits to using multiple providers like this, including avoiding detection for longer periods of time by hosting the malicious code on a legitimate website. The cloud computing vulnerabilities involved in downloading OneNote documents and other files from the cloud must be addressed to protect your business.
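As an added example (not from the original article or the study it cites), the check below shows how a mail filter could flag the `.one` attachments described above, both by file extension and by the OneNote file header, so that a renamed file is still caught. The function names and the sample message are constructed for illustration; the header GUID is the `.one` file-type identifier from Microsoft's published OneNote file format.

```python
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage

# File-type GUID of a .one section file (Microsoft OneNote file format),
# stored little-endian as the first 16 bytes of the file.
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le


def find_onenote_attachments(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that looks like OneNote."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(ONE_MAGIC):
            # Content check catches files renamed to dodge extension filters.
            hits.append((name, "onenote-header"))
        elif name.lower().endswith(".one"):
            hits.append((name, "one-extension"))
    return hits


def build_sample() -> bytes:
    """Constructed message: a .one file, a renamed copy, and benign files."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    fake_one = ONE_MAGIC + b"\x00" * 32  # header only, not a usable notebook
    samples = [
        ("Invoice.one", fake_one),
        ("Invoice.pdf", fake_one),       # OneNote content, misleading name
        ("terms.pdf", b"%PDF-1.7\n"),    # benign, must not be flagged
        ("scan.one", b"not onenote"),    # extension only
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in find_onenote_attachments(build_sample()):
        print(f"quarantine candidate: {name} ({reason})")
```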

Targeted Malware Attacks

Once the users opened the OneNote documents, they were infected with AsyncRAT, which has been identified as a remote access tool that was designed to allow an attacker to infiltrate any devices connected to the target victim’s primary device. Since 2019, AsyncRAT source code has been available for free on the internet, which means that it has been used, and modified, by hackers around the globe for several years. This particular type of malware can record screens, capture keystrokes, execute code, launch DDoS attacks, and otherwise manipulate files within the system. To say that it is a multi-purpose remote access tool is an understatement.

Some of the known uses for this phishing campaign that uses AsyncRAT targeted malware attacks include cyber-espionage and financially-oriented goals. The attacker is able to easily see the machine in the tool's admin panel and handle several different machines within the same interface for quick and easy manipulation. Other reported attacks used AsyncRAT to deliver the Formbook malware to steal passwords, take screen captures and execute code on infected systems. It is estimated that use of this popular code and a variety of different related attacks taking advantage of cloud computing vulnerabilities will increase in the coming months.

Cloud Computing Vulnerabilities

The best way to protect your business from things like phishing campaigns, targeted malware attacks, and exploits of cloud-based OneNote documents and other cloud computing vulnerabilities is to have a comprehensive network security solution in place. Taking advantage of professional services, such as our 24/7 monitoring and management, IT technologies, and employee education and support, is also extremely beneficial. Contact Synivate at 617-848-1248 to speak with one of our team members about your network security concerns. We can offer custom consultation and solutions based on your unique industry requirements and organizational needs. We offer our services to clients in the Greater Boston area and can assist you in a wide range of innovative technology solutions to help you maximize your abilities, while protecting your essential and sensitive data. Business continuity services, including a backup and recovery program, can ensure quick recovery following an attack or any other type of disaster that might cause you to lose access to your company data and programs.

Synivate Author