PDF Threats, Encrypted Email Spoofs & Passwords
Over the past 3 months, the security community has taken note of a couple of new threats arriving via email which can result in damage to or theft of sensitive data.
PDF Threat Files
Most businesses make extremely heavy use of PDF files, especially when they are sending a file which they simply want to be read and which the recipient should not be able to alter. PDF files have historically been great for this purpose, with a number of reputable and free PDF readers, such as Adobe and many others, being readily available.
Use discretion on any received attachments.
Any data you care about should be server-based and routinely backed up hourly, and these backups replicated offsite.
Workstations must run updates automatically.
Any PDF software should be updated regularly.
Remember that ANY PDF reader software can be vulnerable.
Basically this most commonly occurs when a workstation is compromised allowing its email signature and user name and email address to be co-opted. This also co-opts everyone in that individual's address book, making them a target. The phisher then begins to trickle out phishing emails which will have a generic subject line (due to the limited intelligence of the SPAMMING system in use).
The subject line, if it came from Bill's Sawmill might be: "Bill's Sawmill Document for Review"
The email might be: "Kindly review attached document and let me know your thoughts" with a signature
The recipient opens the attachment and this activates compromised code to initiate the attack.
Encrypted Email Threats
The use of encrypted email is becoming so common in many businesses that it has been co-opted to become a potential threat. In fact, many securities businesses have become so hyper-sensitive that they do not allow encrypted email entry to their systems from outside, choosing to force clients to use secure web portals instead. The attack is designed to steal your secure email credentials and proceeds as follows:
The recipient receives an email from a sender who is a known and trusted correspondent.
The subject will be something similar to:
"firstname.lastname@example.org sent you some files"
"You have received an encrypted file from email@example.com"
When you open the email you get a screen pop which requests your secure email or portal credentials
When these credentials are entered, you will get a message that the credentials are wrong and that you are a registered user, making you think you made a mistake.
The reason this attack is successful is that you just provided your email address and password, which are probably the same for many accounts, from Office 365 to encrypted email, to payroll, etc. While you are troubleshooting the "credential problem", the perpetrators are seeing what they can access with these credentials.
Well, now you know better... be sure that you are not using identical creds for your sensitive stuff! And don't always trust an encrypted email if it's suspicious or overly generic.
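A defender-side triage of the two lures described above, as an added example that is not part of the original article: it flags the subject-line shapes quoted in the text and the generic "kindly review" note that arrives with a PDF. The function names, the regexes and the sample messages are constructed for illustration, and keyword matching like this is a coarse filter for holding mail for review, not a verdict.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Patterns modelled on the subject lines and body text quoted in the article.
SUBJECT_LURES = {
    "generic-document-review": re.compile(r"\bdocument for review\b", re.I),
    "file-share-notice": re.compile(r"\S+@\S+ sent you some files", re.I),
    "encrypted-file-notice": re.compile(r"encrypted file from \S+@\S+", re.I),
}
GENERIC_BODY = re.compile(r"kindly review (the )?attached document", re.I)

def triage(raw: str) -> list:
    """Return the lure indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    found = [name for name, rx in SUBJECT_LURES.items() if rx.search(subject)]
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and GENERIC_BODY.search(body.get_content()):
        found.append("generic-review-body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            found.append("pdf-attachment")
            break
    return found

def needs_review(found: list) -> bool:
    """Hold for review on any subject lure, or a generic note plus a PDF."""
    if any(name in SUBJECT_LURES for name in found):
        return True
    return {"generic-review-body", "pdf-attachment"} <= set(found)

def sample(subject: str, body: str, pdf: bool = False) -> str:
    """Build a constructed test message (not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "recipient@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    if pdf:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="Document.pdf")
    return msg.as_string()

if __name__ == "__main__":
    lure = sample("Bill's Sawmill Document for Review",
                  "Kindly review attached document and let me know your thoughts", True)
    print(needs_review(triage(lure)), triage(lure))
```

A PDF attachment on its own is recorded but does not trigger a hold, since ordinary business mail carries PDFs constantly.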