Novel Phishing Attack Uses Corrupted Word Documents to Bypass Security Filters
Cybercriminals have developed a sophisticated phishing campaign using corrupted Microsoft Word documents to bypass traditional security measures. This novel attack, recently uncovered by security researchers, exploits legitimate software features to evade detection.
The Mechanics of the Attack
The campaign revolves around deliberately corrupted Word documents that appear damaged to most security tools but can still be recovered and opened in Microsoft Word. When opened, users see a prompt to recover the document. This recovery process circumvents initial security checks, exposing users to malicious content.
Phishing emails in this campaign mimic payroll and HR communications, featuring attachments with names like:
- “Annual_Benefits_&Bonus_for[name]”
- “Q4_Benefits_&Bonus_for[name]”
These targeted themes increase the chances of recipients opening the files.
Recovered documents display a QR code with instructions to retrieve a document. Scanning the code directs users to a phishing site posing as a Microsoft login page, designed to steal credentials. This tactic complicates detection as QR codes are harder for security tools to analyze.
Evasion of Security Measures
This attack evades multiple layers of security:
- Email Filters: Corrupted documents bypass attachment scans.
- Antivirus Software: Many antivirus tools fail to analyze the corrupted structure.
- Sandbox Analysis: Security sandboxes may not flag these documents as threats.
Protecting Against the Threat
Organizations and individuals should:
- Exercise Caution: Avoid opening unexpected email attachments, especially those related to financial or HR matters.
- Enable Multi-Factor Authentication: Protect accounts against credential theft.
- Update Software Regularly: Ensure Microsoft Office and other software are patched.
- Educate Employees: Raise awareness about phishing techniques and the risks of scanning unknown QR codes.
- Use Advanced Security Tools: Implement tools to detect anomalies in document structures.
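One way to act on the last recommendation, as an added example that is not from the original article or from CDML: a gateway-side check that treats a .docx attachment which does not parse as a well-formed OOXML (ZIP) package as a finding in its own right. The function names, the quarantine policy and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Parts a Word-produced .docx package normally contains.
REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")


def docx_structure_findings(data: bytes) -> list:
    """Return structural anomalies; an empty list means the package parses cleanly."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()  # name of first member failing its CRC, else None
            if bad is not None:
                findings.append(f"CRC mismatch in member {bad!r}")
            names = set(zf.namelist())
            for part in REQUIRED_PARTS:
                if part not in names:
                    findings.append(f"missing required part {part!r}")
    except (zipfile.BadZipFile, zlib.error, EOFError) as exc:
        findings.append(f"not a readable ZIP container: {exc}")
    return findings


def triage_attachment(filename: str, data: bytes) -> str:
    """Assumed policy: a .docx that fails to parse is quarantined, not passed as unscannable."""
    if not filename.lower().endswith(".docx"):
        return "out-of-scope"
    return "quarantine" if docx_structure_findings(data) else "continue-scanning"


def build_sample_docx(parts=REQUIRED_PARTS) -> bytes:
    """Constructed minimal package for the demo; not a real campaign sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in parts:
            zf.writestr(name, "<placeholder/>")
    return buf.getvalue()


GOOD = build_sample_docx()
TRUNCATED = GOOD[: len(GOOD) // 2]  # constructed damage: end of archive cut off

if __name__ == "__main__":
    for label, blob in (("intact", GOOD), ("truncated", TRUNCATED)):
        print(label, triage_attachment("sample.docx", blob), docx_structure_findings(blob))
```

The point of the policy is that a parse failure on a file claiming to be a Word document becomes a reason to hold the message, instead of a reason to skip scanning it.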
How CDML Can Help
CDML Computer Services provides comprehensive solutions to counter advanced threats like this phishing campaign. Our services include:
- Email Security Services: Advanced filtering to block malicious attachments and phishing attempts.
- Employee Training: Tailored programs to help your team recognize phishing attempts.
- Multi-Factor Authentication Implementation: Strengthen account security.
- Proactive Monitoring and Response: Real-time threat detection and mitigation.
Partner with CDML to stay ahead of evolving cyber threats. Contact us today to strengthen your defenses against phishing and other risks. Staying informed and maintaining a skeptical approach to unexpected communications is crucial in the fight against cybercrime.