Microsoft Word flaws used in cyber attack

A new report from Kaspersky Lab has highlighted the actions of a malicious group of programs which has infected 350 high-profile victims in 40 countries.

The group of programs, called NetTraveler, has targeted victims across the public and private sector. The affected organisations include government institutions, embassies, research centres, military contractors and businesses in the oil and gas industry.

While NetTraveler has been active since 2004, the highest volume of activity associated with this attack occurred between 2010 and 2013.

The victims of the NetTraveler attack are sent spear-phishing emails that exploit two known Microsoft Word vulnerabilities, CVE-2012-0158 and CVE-2010-3333, for which Microsoft has already issued patches.

The aim of the attack was to enable data theft, with Kaspersky Lab analysis revealing that over 22 gigabytes of stolen data was found on NetTraveler's servers.

"Witnessing how effectively these security holes have been abused for the past couple of years is a real concern," Kaspersky Lab researcher Kurt Baumgartner said in an article published June 7 by SC Magazine.

The news is a timely reminder about the importance of staying on top of security updates such as patches.

If you are concerned about your own organisation's level of cyber security, you may wish to have a security audit undertaken to assess, identify and resolve any flaws in your ICT networks.
