Zyklon Malware Campaign Targets Microsoft Office Users


Zyklon, a new piece of malware, is out and targeting Microsoft Office users through their inboxes. This dangerous malware takes advantage of human negligence and out-of-date software.

Experts say that Zyklon was first identified last year, in 2016, as accessible to the general public. Now the malware is making a comeback, targeting its victims through phishing emails. A global phishing campaign is being carried out to spread Zyklon, and the hackers seem to be focusing on three industries: the telecommunications sector, the insurance sector and the financial services industry.

How the Zyklon malware works…

Once it infects a system, Zyklon communicates with a remote command and control server. It thus becomes a backdoor that can do all kinds of things, including keylogging, stealing passwords, downloading and executing plugins, and launching DDoS attacks. It can even self-update and self-destruct. The hackers can use this backdoor to launch any kind of attack on a network or an organization, and even hold a network (or device) hostage, demanding ransom from the victim(s). A data breach becomes very easy.

The Zyklon attack always starts as a fake mail with a zip file containing a Word document packaged with three Microsoft Office exploits. Microsoft patched the three vulnerabilities targeted by these exploits last September, but there are obviously still many users who have not updated their software, and it is these users that the Zyklon malware targets. The Microsoft Office exploits download the PowerShell payload, which in turn brings in the final payload and establishes contact with the command and control server. Once that's accomplished, a remote user has full access to the terminal.

How to protect yourself from being targeted by the Zyklon malware…

There are some very basic things that you need to do to secure your system/network from being infected by the Zyklon malware. In fact, these are things that protect you from almost all kinds of malware threats.

Ensure regular updates
As already mentioned, Zyklon exploits out-of-date Microsoft Office software, so it is important to keep your software regularly updated. Updating the operating system (OS), the antivirus and all the other software that you use is an important part of securing yourself against Zyklon and all other kinds of malware.

Stay aware and vigilant
Awareness is a key to security. So, you need to keep yourself aware of the new trends in cyber security and about the latest malware threats. This helps you stay vigilant and keep yourself ready to face and avert all kinds of threats.

Do email monitoring
As already discussed, the Zyklon malware comes seeking its victims through phishing emails. Users worldwide are always targeted through phishing emails and a wrong click or an unintentional download could get them infected. Hence, it’s really important that you do email monitoring in the strictest of manners and stay wary of phishing emails. Enterprises should do this for their employees only if the laws allow it.

Educate and train your employees
Educating employees on various aspects of cyber security and training them to keep the systems/network secure is of utmost importance. A seemingly small mistake by one employee could leave the whole organization affected. Any company today needs to invest in training employees.

Julia Sowells

Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.
