Microsoft OneNote phishing technique, from Matt Aldridge, OpenText
January 2023 by Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions
Earlier today, news broke that some hackers are now using OneNote
attachments to spread malware. Please find the full story here:
Microsoft OneNote attachments are being used to spread malware.
The story focuses on phishing emails which include OneNote files
carrying malicious VBS files. When launched, these communicate with a
command-and-control (C2) server and download malware onto the computer.
The commentary below is from Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions,
on what this means for the industry, and how business leaders can
mitigate cyber risks in the ever-changing cyber landscape.
"A key challenge of cybersecurity and cyber resilience is that the goal
posts are always moving. Here we see another example of a novel
technique being used to bypass certain security controls, and it
highlights the importance of implementing multiple defensive layers,
plus a strong education strategy. Many file types allow the embedding
or archiving of other files within them, and any of these can be useful
for attackers. Sometimes attackers will also choose to encrypt the
contents to try to evade detection at the gateway. It is critical to
have a security awareness training solution in place which is regularly
updated to reflect new trends such as this, along with comprehensive
cyber hygiene and solutions such as email security, web security,
endpoint security and regularly tested, isolated backups to round out a
comprehensive cyber resilience strategy."