Victoria University Suffers Data Breach as a Result of Fraudulent Microsoft Word Document

Media Division | May 9, 2017

Cyber attacks continue to get more clever in their methods and vectors of attack. A method that they continue to frequently employ is phishing emails, and attackers are always developing new ways to fool people into clicking on malicious links or downloading attachments.  Phishing campaigns are quite simple for hackers to design and employ, and people continue to fall victim to them, which is why attackers use them heavily. Last week, Victoria University in Wellington, New Zealand suffered a data breach as a result of someone opening a phishing email.

Details of the Phishing Campaign

The sender of the email was purported to be a trusted contact of the person and would ask them to open a Microsoft Word document.  Once downloaded and opened, it would ask the individual to enable editing, which is typically a method of getting users to enable macros.  Macros are essentially bits of code that are stored within the file, and when enabled, it allows the code to be executed.  Then, whatever the payload may be can begin to fulfill its malicious purposes.  According to a leaked email to staff from the university IT services director, Stuart Haselden, they had advised staff, students, and some former students to change their passwords.  They have also been warned that their usernames and passwords may have been compromised in the breach.  The university seems to be keeping quite tight-lipped about the incident, as there has not been any further information in regard to the breach aside from the contents of the leaked email.  It appears there have been no reports as to who allowed the breach by opening the email and following the instructions.

Similar Phishing Campaigns

These types of fraudulent Word documents are not new.  There had been reports of the circulation of a similar phishing campaign that had also tried to get individuals to download a document and enable macros through trickery, which we had written about at the end of March.  Google was also undergoing an investigation of a phishing campaign that targeted Gmail users, which asked them to review a Google Docs file, and when clicked on, it would ask them to allow a fraudulent application to manage their email account.  The leaked letter from the university had mentioned this campaign as well, but they had said that the breach was not related to the investigation by Google.

Why Anti-Phishing Solutions are Necessary

Phishing campaigns are actually one of the most common forms of cyber attacks, largely because of what is mentioned above in regard to attackers being able to easily launch them.  These types of emails are extremely easy for them to craft, and yet have a wide range of effectiveness, which makes them an ideal method.  One of the most important points in defending from these attacks is educating employees upon their indicators, which allows them to detect and delete them, as well as alert IT.  Though, there are other anti-phishing solutions that need to be in place to ensure protection from these attacks.  The initial defense from them is critical, but there is also the factor of having a plan of action to be taken in the event of a successful attack, including addressing the immediate breach and tracing the source.  Massive Alliance’s anti-phishing solutions can ensure that an organization can prevent and mitigate phishing attacks in all avenues.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.