Patched Hole could be a Perfect Cyber Crime

Tuesday, December 17, 2013 @ 09:12 AM gHale

Office 365 patched a problem and researchers are saying it could be the perfect cyber crime.

The attack doesn’t involve any malware payload security professionals can reverse engineer, no file hash to trace, no servers to confiscate, and no IP address to investigate, said researchers at Adallom.


The attack observed by Adallom focuses on a high-profile company from an unspecified industry sector. Experts are confident it is a targeted attack because it starts with an email specifically written for this particular organization’s employees.

The email attempts to convince recipients to open a Word document by clicking on a link. After close analysis, researchers found the document was coming from a Tor hidden service.

What the victim doesn’t know is that while he’s retrieving a decoy document via the Office 2013 Desktop application, which is designed to integrate with Microsoft’s Office 365 cloud platform, a vulnerability ends up being introduced into the environment.

The flaw allows the attacker to gain access to the victim’s private Office 365 authentication token. Since the token has been valid for quite some time, the attackers can use it to access the targeted organization’s SharePoint Online site and download or modify all of its content without the user ever realizing it.

Researchers said SkyDrive Pro is just as vulnerable to these attacks. Furthermore, the attackers can use PowerPoint, Excel and OneNote files as bait.

Only Office 2013 Desktop appears to be susceptible to the attack since it integrates with Office 365. A report of the vulnerability (CVE-2013-5054) went out to Microsoft in late May.
