Researchers have discovered new malware designed to be used with two existing exploits to make fraudulent money transfers. According to an article published Tuesday, the malware combines ProxyLogon and ProxyShell to initiate these fraudulent transfers. An attempted attack, flagged by the target’s bank just before the transaction fully completed, pointed to the ongoing risk of unpatched Microsoft Exchange Servers and the use of business email compromise to trick potential targets. When recipients open a malicious file and enable macros, Cobalt Strike Beacon is executed, which gives attackers control over compromised computers, according to the report.
https://twitter.com/NetCentricsCorp/status/1493643783711428610
Business email compromise remains a prevalent danger for companies. Macro vulnerabilities are often believed to be an old tactic from years gone by, but they remain a threat today, especially when organisations put off patching.
It is vital that people are alert to attachments in emails, even from known senders, and question whether they really need to edit the document. It is recommended not to select “Enable Content” in Office documents unless you are absolutely certain of the origin of the file and its authenticity, even if it appears to have come from a person or organisation you trust. Office does not scan files to locate rogue macros, but robust antivirus software should be able to detect and block known macro viruses.
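As a complement to the advice above, a mail-handling check can flag attachments that are able to carry macros before anyone is asked to "Enable Content". The following is an added example, not code from the article or report; the function names and sample files are constructed for illustration, and it reports only that a VBA project may be present, not whether it is malicious.

```python
import io
import zipfile

# Header of legacy binary Office files (.doc/.xls/.ppt), which can embed VBA.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may contain macros; needs deeper inspection
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a zip, but not an Office Open XML package
    # Macro-enabled OOXML files store their VBA project in vbaProject.bin.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"

def triage(attachments):
    """Names of attachments to hold for review instead of delivering."""
    risky = ("ooxml-macro", "legacy-ole")
    return [name for name, data in attachments
            if classify_attachment(data) in risky]

def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-like package used only as test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

# Constructed sample attachments (file name, raw bytes).
SAMPLES = [
    ("invoice.docm", build_sample(with_macro=True)),
    ("minutes.docx", build_sample(with_macro=False)),
    ("report.doc", OLE_MAGIC + b"\x00" * 64),
    ("notes.txt", b"plain text"),
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

The check inspects file content, not the extension, so a renamed macro-enabled document is still held for review.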