How are Word-based fileless attacks targeting aid organisations?

Imagine you have opened a Word file that was emailed to you by a prominent organisation in your field. On the surface, nothing else happens. You notice no changes and your antivirus system doesn’t detect anything suspicious. Would you (or your employees) expect to be spied on by hackers?

This March, McAfee identified a new fileless hacking operation which is targeting humanitarian aid organisations worldwide. ‘Operation Honeybee’ tricks its targets into opening compromised Word documents. When this is achieved, their malware takes hold in the computer and allows the hackers to spy on their target undetected. They are able to escape scrutiny because of their fileless strategy.

There has been a surge in fileless attacks. A study by the Ponemon Institute predicts they will comprise 35% of all cyberattacks in 2018. As hard drive-focused antivirus scanners become more effective, hackers are resorting to strategies which do not leave files in your directory. Instead, they exploit known weaknesses in legitimate programs which are already on your computer. Once they have gained a foothold there, they can run commands which allow them to spy on you, mine cryptocurrency, ransom your files, and even take over your entire system.

Honeybee and spear phishing pierce your defences

Another dangerous aspect of the Honeybee operation is its use of ‘spear phishing’, a more sophisticated form of phishing. Where ordinary phishing campaigns send out misleading emails in bulk and cross their fingers, spear phishing tailors its message to appeal to a particular target in order to increase its chances of success.

In the case of Honeybee, the hackers designed their initial email to pass for a message from the International Red Cross. They then used the decoy document to ambush employees of the aid organisations they wanted to spy on.

The Red Cross is a perfect disguise for a spear phishing operation, as it is a well-known, trusted organisation. Combined with the fileless nature of the attack, this disguise makes the operation even more likely to escape detection. This joint strategy can be adapted to target any industry.

Joint strategy; twofold solution

If hackers are purposefully evading traditional antivirus strategies, how can you keep your system safe? There is a twofold solution.

First of all, there are innovative antivirus programs which do protect against fileless attacks. The latest cybersecurity tools use machine learning to pinpoint unusual activity on your system. This allows them to eliminate threats which would otherwise remain hidden.

Secondly, you can implement a training strategy which will increase awareness of the strategies used by hackers. When properly prepared, members of your organisation can neutralise a threat by taking as little as a minute to verify the source of emails they receive. It really can be that simple.

Every organisation can benefit from added protection. Give us a call on 0844 586 0040, or email intouch@digitalpathways.co.uk, and we’ll be happy to advise you.