Cyber security experts suggest the attackers originate from the Iranian cyber gang ATP33
Cyber criminals are actively exploiting a Microsoft Outlook vulnerability that was patched more than a year-and-a-half ago to infect users’ machines with malware.
According to the US Cyber Command, the equivalent of the UK’s National Cyber Security Centre (NCSC), attackers are once again maliciously abusing the CVE-2017-11774 flaw with Outlook Home Page. This was first discovered, and patched, in October 2017.
Although the vulnerability was deemed unlikely to be exploited at the time of disclosure, the cyber security organisation is urging Outlook users to patch their systems after noticing a flurry in cyber activity.
The vulnerability centred on Microsoft Outlook improperly handling objects in memory, which could allow an attacker to execute arbitrary commands if successfully exploited. Moreover, in file-sharing scenarios, an attacker could provide a specifically-crafted document designed to exploit the flaw and convince users to open the file and interact with it.
Patches to mitigate this flaw were issued for Outlook 2010, 2013, 2013 RT, and 2016 across 32-bit and 64-bit systems many months ago, but active exploitation suggests that many users still haven’t updated their software.
US Cyber Command has not disclosed any further information. FireEye’s senior manager for adversary methods Nick Carr, however, suggested the current wave of attacks bears striking similarities to previous campaigns by the Iranian group APT33.
The cyber security company previously detailed the methods behind the active exploitation of CVE-2017-11774 in December after noticing an uptick in malicious actors’ usage of a specific homepage exploitation technique.
Carr also suggested the malware families, Yara rules and hunting methods shared still apply to the cyber gang’s current campaign, which has been running from mid-June to the present day.
The continued exploitation of a vulnerability that was patched more than 18 months ago demonstrates the importance of routine patching. Moreover, the risks of a cyber attack are ever-present given Microsoft Outlook used by swathes of organisations.
Written by Keumars Afifi-Sabet
Image via shutterstock
Microtechs 24x7x365 White label support services
Based in Surrey, Microtechs are an established and experienced end user support centre. Our Help desk and NOC experts can monitor your servers and support queue (email, RMM & phone) 24×7 or just as overflow. The Microtechs White Label support service offers a cost effective, 24×7 support option perfect for providers with an expanding customer base.
You may ask yourself:
- How can I offer support 24/7 without the stress & cost of recruiting and training?
- How can I free up my team’s time, to enable us to grow the business?
- How can I improve my bottom line?
Microtechs can help.
- Office hours or 24/7
- UK based from Guildford, Surrey
- 1st & 2nd line / NOC and incident management capabilities
- Ability to learn bespoke applications
- All white labelled to your brand
- 25-50% reduction in overheads
- Pricing from £500 per month
- Sole traders through to enterprise companies supported
Here’s what our customers have said;
“Using Microtechs to extend the helpdesk capabilities for our organisation has been a very worthwhile venture for us. The transition was very easy and simple, and we have found the Microtechs staff to be both knowledgeable and professional; in their dealings with our clients.”
“My customers receive a polite service and their issues are dealt with quickly and professionally. In short Microtechs provide a courteous, effective and cost-efficient service that enables me to offer my customers 24/7 support without the associated expense.”
It would be great to have a chat with you and understand a little about your business, even if you are not quite ready to outsource.
Live chat us now or call 01483 407417