Bangkok--16 Jun--Trend Micro
Webmail provides users the convenience of opening their email accounts from any place where Internet access is available. While most companies promote the use of email clients, employers generally allow employees access to webmail accounts—for both work and personal use. It is a common practice, but a recent incident highlighted the often-ignored risk that comes with accessing webmail at work. In this targeted attack, a specially crafted email message exploited a then-unpatched vulnerability in Hotmail. The recipient simply needed to preview the email message, which automatically executed an embedded script that triggered information theft routines.
The attack required specific variables in order to succeed. When the embedded script executed, it connected to a URL that contained the target user’s Hotmail ID and a predefined number. Analysis of the URL revealed that only a specific number in the URL triggered a request to the Hotmail server that automatically forwarded all of the affected user’s email messages to certain email addresses while the user was signed in.
The Traps That Cybercriminals SetBecause of their very nature, targeted attacks do not randomly affect single users or even large enterprises. Despite their limited number of potential victims, the consequences are often greater. In this regard, targeted attacks emphasize the dangers that users face. However, the seemingly selective nature of targeted attacks can also mislead users into thinking that they are safe from these threats. What most people fail to realize is that anyone can be a target and, consequently, a victim.
In the Hotmail attack, the conditions required were too specific for widespread damage to occur. Apart from specifying the user’s account name and payload via the URL, the sample email message also employed traditional Chinese characters and targeted Facebook users. It is possible that the attack was only targeting Chinese-speaking Facebook users.
However, this is not always the case, as several targeted attacks have had wide-ranging effects. Attacks targeting the users of popular social networking sites, reaching millions of potential victims, have become all too common. Using a variety of social engineering tactics, cybercriminals can easily create an attack that someone somewhere is bound to fall for.
Securing Systems, Protecting DataGiven the circumstances regarding the Hotmail attack, it would have been difficult for the recipient to avoid falling into the cybercriminals’ trap. Since simply previewing the email message triggered the malicious routines, even the oft-repeated reminder of not opening messages from unknown senders failed. Nevertheless, taking stock of information like this can help to mitigate similar attacks.
Companies should consider the risks that attacks like this pose, including the possibility of giving attackers access to sensitive information. In this example, employees who checked their personal email accounts at work, or used their personal email for sending work-related messages, could have inadvertently exposed confidential data. Security solutions that can detect and block such threats are crucial for the protection of valuable corporate data.
References:Targeted Attack Exposes Risk of Checking Personal Email at Work
http://blog.trendmicro.com/targeted-attack-exposes-risk-of-checking-personal-webmail-at-work/#more-34002
Trend Micro Researchers Identify Vulnerability in Hotmail
http://blog.trendmicro.com/trend-micro-researchers-identify-vulnerability-in-hotmail/#more-34090
Security Researcher Acknowledgments for Microsoft Online Services
http://technet.microsoft.com/en-us/security/cc308589.aspx