How Hackers Are Using OneNote Files to Spread Malware

Spreading malware can be difficult as more people implement strong security practices, and security software becomes more sophisticated. Because of this, hackers are always looking for new techniques to scam victims.

Microsoft Office files used to be popular vectors for malware but have recently become less effective, in part because macros are no longer enabled by default. The latest alternative for hackers is to use Microsoft OneNote files.


So why are Microsoft OneNote files being used to spread malware, and how should you protect yourself?

Why Is OneNote Being Used to Spread Malware?

OneNote is a popular note-taking app developed by Microsoft. It is designed to provide an easy way to take quick notes, and it supports embedded images, documents, and other files, including executable code.

It is also ideal for hackers. Here’s why.


Who Is Being Targeted?

Attacks involving OneNote files primarily target businesses. OneNote files are attached to emails and then sent in bulk to employees. The files are often attached to phishing emails, which aim to steal information, but can be attached to any type of email.

While business employees are the most profitable target, private individuals are also potential victims. A successful attack on an individual will be less profitable but may be easier to carry out. Because of this, everyone should watch out for dodgy OneNote attachments.


How Is OneNote Being Used by Scammers?

Malicious OneNote files are being distributed in emails that discuss common topics such as invoices and shipping. They also include a seemingly valid reason why the recipient needs to download the file.

Some emails include a malicious OneNote file as an attachment. Other messages direct the user to a malicious website where they are then encouraged to download the OneNote file.


Upon opening the file, the victim is asked to click on some type of graphic. Doing so executes an embedded file. The embedded files are typically designed to execute PowerShell commands which download malware from remote servers.
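For defenders, the embedded file described above can be found without opening the note. The following is an added triage example, not code from the original article: it walks a `.one` file for embedded file objects and flags payloads that have no business inside a note. The GUIDs come from Microsoft's published OneNote file format (MS-ONESTORE); the function names, the marker lists and the sample bytes are assumptions constructed for this example.

```python
import struct
import uuid

# GUIDs from Microsoft's published OneNote file format (MS-ONESTORE).
ONE_FILE_TYPE = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FDSO_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
# Assumed triage lists for this example; tune them to your environment.
RISKY_MAGIC = {b"MZ": "windows-executable",
               b"L\x00\x00\x00\x01\x14\x02\x00": "windows-shortcut"}
SCRIPT_MARKERS = (b"powershell", b"wscript", b"createobject", b"<script", b"cmd /c")

def is_onenote(blob):
    """True when the blob starts with the .one file-type GUID."""
    return blob[:16] == ONE_FILE_TYPE

def embedded_files(blob):
    """Yield (offset, data, footer_ok); the footer GUID follows <= 7 pad bytes."""
    pos = blob.find(FDSO_HEADER)
    while pos != -1 and pos + 36 <= len(blob):
        (size,) = struct.unpack_from("<Q", blob, pos + 16)  # 8-byte length field
        start, end = pos + 36, pos + 36 + size  # 16 GUID + 8 length + 12 reserved
        if end <= len(blob):  # skip objects whose declared size overruns the file
            yield pos, blob[start:end], FDSO_FOOTER in blob[end:end + 23]
        pos = blob.find(FDSO_HEADER, pos + 16)

def classify(data):
    """Return a label for payloads that should not be in a note, else None."""
    for magic, label in RISKY_MAGIC.items():
        if data.startswith(magic):
            return label
    head = data[:4096].replace(b"\x00", b"").lower()  # also matches UTF-16 text
    return "script" if any(m in head for m in SCRIPT_MARKERS) else None

def triage(blob):
    """List every embedded object in a .one file with its verdict."""
    if not is_onenote(blob):
        return []
    return [{"offset": off, "size": len(d), "footer_ok": ok, "verdict": classify(d)}
            for off, d, ok in embedded_files(blob)]

def _fdso(data):  # builds a constructed embedded-file object for the sample
    pad = b"\x00" * (-len(data) % 8)
    return FDSO_HEADER + struct.pack("<Q", len(data)) + b"\x00" * 12 + data + pad + FDSO_FOOTER

# Constructed sample: a harmless picture header and a harmless script stub.
SAMPLE = (ONE_FILE_TYPE + b"\x00" * 48 + _fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
          + _fdso(b'WScript.Echo "constructed sample"'))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A mail gateway or helpdesk script can run `triage()` on quarantined attachments and escalate any object whose verdict is not `None`.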

What Malware Is Being Installed?

OneNote files are being used by attackers with a variety of different approaches. Because of this, many different types of malware are involved, including ransomware, Trojans, and information stealers.

Ransomware

Ransomware is designed for extortion purposes. Once it is installed, all files on a system are encrypted and cannot be accessed without a decryption key, which needs to be purchased from the attacker.

Remote Access Trojans

A Remote Access Trojan (RAT) is a piece of malware that allows an attacker to control a device remotely. Once installed, an attacker can issue commands to a machine and install other types of malware.

Info Stealers

An info stealer is a type of Trojan that is used to steal private data. Info stealers are often used to steal login credentials like passwords as well as financial information. Once an info stealer is installed on your computer, a hacker can gain access to your private accounts.

How to Protect Against Malicious OneNote Files

Fortunately, attacks involving malicious OneNote files are not difficult to defend against. They rely on people being careless, and you can therefore protect yourself by taking some basic security precautions.

Don’t Download Email Attachments

Malicious OneNote files are only executed if they are downloaded. Email attachments should never be downloaded unless you are sure that you know who the sender is.

Back Up Files

Ransomware is less of a threat if all important files are backed up and the back-up kept in a separate location, i.e. not still plugged into your machine (as the ransomware will encrypt that too). It’s worth noting that defending against ransomware in this manner doesn’t prevent hackers from accessing data and threatening to release it.

Use Two-Factor Authentication

Remote access Trojans can be used to steal passwords. To defend against this, you should add two-factor authentication to all of your accounts. Two-factor authentication prevents anyone from logging into your accounts unless they also supply a second piece of information such as a code sent to your device. Once it is activated, your password could be stolen and the thief still won’t be able to access your account.

Use Antivirus Software

Many types of ransomware and remote access Trojans will be prevented from running if you have an antivirus suite. Antivirus software, however, should not be relied upon as the only line of defense, as many malicious OneNote files are specifically designed to get past it.

Businesses Should Provide Employee Training

All businesses should educate their staff about this threat. Employees need to know what phishing emails look like and should not be allowed to download attachments.

OneNote Files Are Ideal for Hackers

OneNote files are ideal for spreading malware. They are trusted files that are able to run on most people’s computers. They’re not associated with malware either, so many businesses are not equipped to defend against them.

Anyone who executes a malicious OneNote file may have their data encrypted or their personal information stolen. The former requires a ransom payment while the latter can cause account hacks and financial fraud.


Both businesses and private individuals should be aware of this threat and can protect against it by following basic security measures.
