Cybercriminals are attempting to compromise Microsoft Office accounts and steal user passwords, especially those used for banking, by sending malicious attachments claiming to be tax forms or other official documents.

This threat – flagged as a “critical alert” by Barracuda Security Insight, Campbell, Calif.-based cyberfraud defense firm Barracuda Networks new free threat intelligence platform – resulted from attempts to steal user passwords by using attached to common and trusted file types, such as Word or Excel documents.

“Cybercriminals regularly go after user passwords and credentials; however, we're continuing to see criminals come up with clever ways to persuade users into sacrificing their sensitive information,” Jonathan Tanner, software engineer at Barracuda Networks, said in a blog reported the research.

Security Insight helps organizations gauge their threat levels, across email, endpoint, network, and web traffic, by examining over 100,000 sources to compile active and emerging in real-time. “One of the reasons we're excited about the platform is because anyone with Internet access can use it as a way to check in on the different threats that might be lurking around the web,” Tanner said.

The research acknowledged as with malware in general, password stealers have a variety of distribution methods, most of which involve phishing emails with an attachment or URL. Since it is much easier and more cost-effective for organizations to detect malicious attachments on the email server itself than a user's computer, scammers use a variety of different file types and distribution methods to try to evade security.

Cybercriminals constantly distribute various types of malware based on their objectives, Barracuda Networks noted. Thieves can monetize banking passwords most easily since criminals can simply transfer funds from a user's account to theirs, but even email and social media passwords have value.

Tanner explained there is a booming black market for stolen passwords within criminal communities, making malware that obtains these passwords profitable to distribute. The prevalent usage of password storage software (from browsers for instance), and password management solutions compound the problem since a number of passwords sit on many users' computers.

Tanner described the evolution of password theft. Prior to the availability and popularity of storing passwords for convenience, stealing passwords required infecting a user with malware that logs keystrokes and transmits this data. While still used, this technique allows for easier discovery through anomalous network traffic detection because it requires multiple break-ins. With the increasing usage of saving passwords; however, malware can simply disrupt whatever security mechanism is protecting the passwords and upload them all at once.

Barracuda cited two examples of how cybercriminals attempt to steal passwords:

Attackers try to encourage the recipient to open an attachment by using urgent language to make the message appear important. Additionally, by naming the attachment “taxletter.doc,” the attachment appears like it could be something important. Lastly, by using a Word Document as an attachment, the attackers increase their chances of actually having the file opened.
Attackers try to make their message and attachment appear important by using an attached purchase order. The only difference here is that the attachment is an Excel file, which is another common file type that people are familiar with, making it less likely that they will suspect anything malicious.

Barracuda offered several ways to protect passwords and other information. Employees should regularly receive training and testing to increase their security awareness of various targeted attacks. “Simulated attack training is by far the most effective form of training.” Other security methods include layering employee training with an email security solution that offers sandboxing and advanced threat protection; and deploying anti-phishing tools with link protection.

Instant Insights /

Scammers Attaching Banking Password-Stealing Malware to MS Office Docs

Related Stories

Recommended For You