I am often asked how threat actors get their malicious packages past both the latest technical monitoring and well-trained staff. The quick answer is that the hackers are always looking for, and switching to, new attack vectors – such as this one:
MalDoc in PDFs: Hiding malicious Word docs in PDF files (bleepingcomputer.com)
Japan’s Computer Emergency Response Team (JPCERT) discovered this MalDoc attack, obfuscated inside a PDF to avoid detection. The skill in this attack is that the file is recognised by the operating system and by the technical cyber security defences as a PDF file, but on execution it opens in Word. This type of dual-identity file is called a polyglot.
This is how the hackers succeed.
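As an added example (not from the article, JPCERT or any vendor), here is a simple triage check for the dual-identity file described above: it flags a file that declares itself a PDF by its magic bytes but also carries markers that Word would parse. The marker set and the inert sample inputs are assumptions constructed for illustration, and a hit means "look closer", not "confirmed malicious".

```python
import re
from dataclasses import dataclass, field

PDF_MAGIC = b"%PDF-"

# Markers that a Word-parsable body leaves in a file. These are assumed
# tell-tales for triage, not a definitive parser.
WORD_MARKERS = {
    "ole_compound_file": re.compile(rb"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"),  # legacy .doc container
    "ooxml_word_part": re.compile(rb"word/document\.xml"),                   # uncompressed .docx part name
    "mht_word_markup": re.compile(rb"<w:WordDocument|Content-Type:\s*multipart/related", re.I),
}


@dataclass
class ScanResult:
    declared_type: str                      # what the file claims to be, from its magic bytes
    findings: list = field(default_factory=list)

    @property
    def is_polyglot(self) -> bool:
        # A PDF by magic bytes that also carries Word-parsable content is the
        # dual-identity case the article describes.
        return self.declared_type == "pdf" and bool(self.findings)


def scan_bytes(data: bytes) -> ScanResult:
    declared = "pdf" if data.startswith(PDF_MAGIC) else "other"
    result = ScanResult(declared_type=declared)
    for name, pattern in WORD_MARKERS.items():
        if pattern.search(data):
            result.findings.append(name)
    return result


def scan_file(path: str) -> ScanResult:
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed, inert samples: a minimal PDF, and the same PDF with a stub of
# Word MHT markup appended. Neither is a working document and neither carries a macro.
CLEAN_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"
SUSPECT_SAMPLE = CLEAN_PDF + (
    b"MIME-Version: 1.0\nContent-Type: multipart/related; boundary=\"x\"\n"
    b"<html xmlns:w=\"urn:schemas-microsoft-com:office:word\"><w:WordDocument/></html>\n"
)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PDF), ("suspect", SUSPECT_SAMPLE)):
        r = scan_bytes(blob)
        print(f"{label}: declared={r.declared_type} findings={r.findings} polyglot={r.is_polyglot}")
```

Run it over a mail-gateway quarantine folder with `scan_file` to surface files whose PDF identity does not match their contents.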
Security Operation Centre – SOC-as-a-Service
So your anti-virus missed this malicious file and your well-trained staff were unaware of this type of attack (I will be adding this type of attack to my training course later today). What else can you do?
Once inside, threat actors need to carry out a range of detectable actions to perform their attack. If you have invested in the right type of defences, those defences can detect these “indicators of compromise” even when the actual attack is unknown. Want to know more about how our SOC-as-a-Service will protect you from as little as £10 per month? Then have a look at this article:
Or just get in touch for a chat and demo.
Clive Catton MSc (Cyber Security) – by-line and other articles