linkedin  Google+  email-3  twitter  facebook

Sandworm attack exploits Windows Operating System

Find me on:

sandworm_cyber_attackThe Sandworm attack is the latest in cyber espionage which is targeting Windows Operating Systems.

What has happened?

The Windows Operating System has a vulnerability which has been targeted by a cyber-espionage group from Russia called Sandworm.

The vulnerability affects all versions of Windows from Windows Vista Service Pack 2 right up to Windows 8.1 and Windows Server versions 2008 and 2012.
Without getting too technical, it relates to Microsoft technology that allows rich data from one document to be embedded in another, or a link to a document to be embedded in another. 

So far attacks have targeted individuals via emails that contain a malicious Powerpoint file attachment. If opened, two files automatically download and install malware on the users computer.This gives 'back door' access to the attackers with the ability to control and steal information.

While Powerpoint files have been the focus so far, given the critical nature of the vulnerability, it's highly likely that different Office file types such as Word documents or Excel spreadsheets will also be used in the attack.

Who is affected?

So far, several prominent organisations in America and Europe have been targeted, however it is likely to spread it's international reach even futher if it hasn't done so already.

What can you do to protect yourself?

Microsoft have released a security patch. If you have automatic updating enabled, you will not need to take any action because the security update will be downloaded and installed automatically on your computer. However, if you do not have automatic updating enabled, we strongly recommend you apply the patch immediately.

In addition, you should ensure that your security software is up to date, and also be wary of any emails you receive from an unknown source - in particular those with an embedded link or an attachment.

If you have any concerns or questions regarding this attack, or if you do at any time in the future, please don't hesitate to call us on 02 4254 5444 or get in touch with us via email so we can help.

Subscribe to our blog to receive regular articles