Sunday, 3 May 2015

Companies Attacked Through CVs On Job Sites

Several companies who were looking for staff on the job site CareerBuilder became the target of a sophisticated attack. Through CareerBuilder job seekers can respond to available vacancies by uploading a resume. Companies gain when the resume is uploaded an e-mail that they can download it.

Proofpoint security firm says it has detected an attack where cyber criminals upload malicious CVs. These are files named "RESUME.DOC" and "cv.doc". The documents are abuse of two vulnerabilities in Microsoft Office that were patched by Microsoft in 2012 and 2014. In case the documents are opened malware can be installed on unpatched computers. The malware thereby poses as an image to blend in.

It is a backdoor that contains the TeamViewer application. This, according to Proofpoint legitimate cloud service that allows computers to be controlled remotely. Not only TeamViewer used by some companies and would therefore not stand, also helps the application in circumventing NAT limitations. Both the server and client make beginning with a connection to an endpoint in the cloud before they connect to each other.

While the attack requires more time and effort of the attackers, the chance that the file is opened greater than in any documents sent, according to Proofpoint . The attackers namely make use of the services of an existing website. It is also legitimate emails that remind recipients of the uploaded documents. Documents expect the receivers and just want to open.The observed attacks were directed against energy companies, television companies, credit unions and electricity suppliers.Whether they are successful and who is behind it is unknown.

No comments:

Post a Comment