PDF Threats, Encrypted Email Spoofs & Passwords

Over the past 3 months, the security community has taken note of a couple of new threats arriving via email which can result in damage to or theft of sensitive data.

PDF Threat Files
Most businesses make extremely heavy use of PDF files, especially when sending a file that they want the recipient to read but not alter. PDF files have historically been great for this purpose, with a number of reputable and free PDF readers, such as Adobe and many others, being readily available.

Over time, threats have appeared in PDF files because they can activate a variety of features in reader software. Features such as JavaScript can be used to launch an attack. While these attacks have not been extremely common in the past, the ways to reduce your risk have not markedly changed:

  • Use discretion on any received attachments

  • Any data you care about should be server-based and routinely backed up hourly, and these backups replicated offsite

  • Workstations must run updates automatically

  • Any PDF software should be updated regularly

  • Remember that ANY PDF reader software can be vulnerable

This most commonly occurs when a workstation is compromised, allowing its email signature, user name and email address to be co-opted. This also co-opts everyone in that individual's address book, making them targets. The phisher then begins to trickle out phishing emails with a generic subject line (due to the limited intelligence of the spamming system in use).

The subject line, if it came from Bill's Sawmill might be: "Bill's Sawmill Document for Review"

The email might be: "Kindly review attached document and let me know your thoughts" with a signature.

The recipient opens the attachment, and this activates compromised code to initiate the attack.
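A check that a mail gateway or help desk could run on a received PDF before anyone opens it, given here as an added example that is not part of the original article: it counts the PDF keys that start JavaScript or other automatic actions. The watch list of keys and the constructed sample bytes are assumptions for illustration.

```python
import re
from collections import Counter

# Name keys that start or carry active content in a PDF (assumed watch list,
# modelled on common triage practice; extend it to suit your mail gateway).
ACTIVE_KEYS = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch"}
# Compressed object streams can hide the keys above from a plain byte scan.
OPAQUE_KEYS = {b"/ObjStm"}

# A PDF name is "/" followed by any bytes that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_name(raw: bytes) -> bytes:
    """Decode #xx escapes so that /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count active-content keys in raw PDF bytes and say whether to hold the file."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF: no %PDF- header in the first 1024 bytes")
    names = Counter(normalise_name(m.group(0)) for m in NAME_RE.finditer(data))
    active = {k.decode(): names[k] for k in sorted(ACTIVE_KEYS) if names[k]}
    opaque = {k.decode(): names[k] for k in sorted(OPAQUE_KEYS) if names[k]}
    return {"active": active, "opaque": opaque, "hold_for_review": bool(active or opaque)}


# Constructed samples (not real attachments): a plain catalog and a document whose
# catalog runs an action on open, with one key written using a hex escape.
PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SCRIPTED_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_PDF), ("scripted", SCRIPTED_PDF)):
        print(label, triage_pdf(sample))
```

A clean result only means no such keys are visible in the raw bytes; a file reported with `/ObjStm` needs a parser that decompresses object streams before it can be cleared.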

Encrypted Email Threats
The use of encrypted email is becoming so common in many businesses that it has been co-opted to become a potential threat. In fact, many securities businesses have become so hyper-sensitive that they do not allow encrypted email into their systems from outside, choosing to force clients to use secure web portals instead. The attack is designed to steal your secure email credentials and proceeds as follows:

The recipient receives an email from a sender who is a known and trusted correspondent.

The subject will be something similar to:
"x@ycompany.com sent you some files"
"You have received an encrypted file from x@ycompany.com"

When you open the email, you get a pop-up screen which requests your secure email or portal credentials.

When these credentials are entered, you will get a message that the credentials are wrong and that you are a registered user, making you think you made a mistake.

The reason this attack is successful is that you just provided your email address and password, which are probably the same for many of your accounts, from Office 365 to encrypted email, to payroll, etc. While you are troubleshooting the "credential problem", the perpetrators are seeing what they can access with these credentials.

Well, now you know better... be sure that you are not using identical creds for your sensitive stuff! And don't always trust an encrypted email if it's suspicious or overly generic.
