Researchers from security software firm McAfee recently discovered a vulnerability in Microsoft Office through which millions of users may have been infected. Attackers exploited a software bug that allowed them to embed Dridex malware into Word documents. The infected documents were then spammed across the web as attachments to emails. Many organisations were reportedly targeted in the attack, including banks and other businesses in Australia. Microsoft released a patch on Tuesday that fixed the Windows Dridex bug.
Windows Dridex Bug Used to Steal Millions from Banks
The Dridex malware has been wreaking havoc on the online banking industry since 2015. Typically distributed through spam and malicious email attachments, this malware, when executed, downloads and installs a Trojan from a hijacked remote computer.
Dridex can monitor the victim’s online banking activity. It uses a keylogger to steal login credentials and financial data as the victim types them into the system. In 2015, hackers stole £20 million and $10 million from UK and US victims respectively, using the Windows Dridex bug.
This particular attack is noteworthy for a couple of reasons. Unlike previous versions of Dridex, this variant did not require macros to be enabled to trigger the infection. Instead, it relied on a zero-day vulnerability: a weakness that Microsoft had not previously addressed and that was therefore unpatched.
The Dridex malware was able to compromise all versions of Microsoft Word, including the latest version bundled into Windows 10. The weak link was an Office feature called Object Linking and Embedding (OLE).
A Microsoft proprietary technology, OLE lets you move data from one document or application into another. While it comes in handy when working with presentations and spreadsheets, the feature is a dream come true for crafty hackers. An OLE vulnerability could enable a remote attack that bypasses security features and tricks users into opening a document that contains the infected object.
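Because this variant needed no macros, a "contains macros?" check is not enough to triage a Word attachment. The following is an added example, not code from the original article or from McAfee or Microsoft: it lists embedded and linked OLE objects in an OOXML (.docx/.docm) file by reading the package's relationship parts. The function names, the sample documents and the `example.invalid` target are constructed for illustration, and the check does not cover legacy .doc or RTF files.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
MAX_PART = 1_000_000  # refuse oversized relationship parts (decompression bombs)

def triage_docx(data: bytes) -> dict:
    """Report macro and OLE indicators found in an OOXML (.docx/.docm) file."""
    report = {"has_macros": False, "embedded_ole": [], "linked_ole": [], "skipped": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                report["has_macros"] = True
            if not name.endswith(".rels"):
                continue
            raw = zf.read(name) if info.file_size <= MAX_PART else b""
            # Relationship parts have no need for a DTD; do not parse one.
            if not raw or b"<!DOCTYPE" in raw:
                report["skipped"].append(name)
                continue
            for rel in ET.fromstring(raw).iter(REL_TAG):
                if rel.get("Type") != OLE_TYPE:
                    continue
                kind = "linked_ole" if rel.get("TargetMode") == "External" else "embedded_ole"
                report[kind].append(rel.get("Target", ""))
    return report

def needs_review(report: dict) -> bool:
    # Macro-free is not the same as safe: any OLE object or unparsed part is flagged.
    return bool(report["has_macros"] or report["embedded_ole"]
                or report["linked_ole"] or report["skipped"])

def build_sample(rels_body: str) -> bytes:
    """Constructed test input: a minimal package with one relationship part."""
    xml = ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns='
           '"http://schemas.openxmlformats.org/package/2006/relationships">'
           + rels_body + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<doc/>")
        zf.writestr("word/_rels/document.xml.rels", xml)
    return buf.getvalue()

LINKED = build_sample(f'<Relationship Id="rId1" Type="{OLE_TYPE}" '
                      'Target="https://example.invalid/object" TargetMode="External"/>')
PLAIN = build_sample('<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
                     'officeDocument/2006/relationships/styles" Target="styles.xml"/>')
```

A flagged document is a candidate for sandboxed inspection or quarantine, not proof of infection; plenty of legitimate documents embed spreadsheets or charts through OLE.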
Data Protection Starts with a Backup
In theory, the latest Windows patch would provide automatic protection for all users affected by the attack. Windows 10 is one of the most secure operating systems on the market. However, the alarming effectiveness of Dridex once again proves that no system is ever completely secure.
The latest Windows Dridex bug is not the first and won’t be the last vulnerability to put countless users at risk. With that said, there are a few ways you can defend against this and similar attacks:
- always approaching email attachments with caution;
- keeping your anti-virus software updated;
- backing up your data on a regular basis;
- keeping at least one backup copy on a device disconnected from the Internet.
A data protection strategy is key to keeping yourself safe: prevent security breaches and make sure you can always recover as soon as possible, so that your business stays intact and keeps running.