How Posting A Job Advert Could Compromise Your Firm
There have been more and more cases recently, including a recent attack on a brewery, of malware infections and other similar attacks being caused by posting a simple job advert. How can such an everyday activity lead to an attack on your firm? Here’s how it works:
You need a new member of staff in your firm. You draft your advert with your list of requirements, salary offering, and the hiring manager’s contact details. You post on several job boards to gain maximum exposure because you want to attract the best candidates.
The hiring manager is delighted to be receiving so many CVs and is enjoying the task of sifting through them to find those suitable for interview. In fact, this particular advert has had an unusually good response.
The bad news in this case is that none of these responses is genuine. A cyber-criminal is actually bombarding the hiring manager with fake CVs. The hiring manager is getting used to opening these without incident until, suddenly, they open one with a Word attachment containing macro malware.
Microsoft Office macros are now the most common way of delivering a malicious payload to a law firm as an email attachment. Macros are intended to give advanced users the ability to write custom functions that aid productivity. The same functionality, however, can be used to distribute viruses. Microsoft reports that it has seen major malware families, such as ransomware and trojans, delivered by macro via mail attachments.
There are some steps you can take to prevent this powerful piece of functionality being used to cause damage.
- IT admins can disable macros by default.
- Choose good antivirus software and keep it up to date. Antivirus should be set to scan before opening and packaging.
- Use a sandboxing tool to screen emails. Such tools essentially open the email in a ‘safe’ environment to test the contents. If they’re not malicious, the email can then be safely delivered to the user.
- Train your staff to look for tell-tale signs and to always report anything suspicious. You need to create a no-blame culture for this to happen.
- Keep up to date with the latest info on common attack vectors.
- Have a robust recovery plan in case of a data breach.
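
As an added illustration of the screening step in the list above (this is example code written for this page, not taken from any product), the Python sketch below checks whether an Office attachment carries a macro by looking at its contents rather than its file name. The function names, the quarantine policy and the sample files are assumptions constructed for the example.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_MARKERS = ("macroEnabled", "vnd.ms-office.vbaProject")  # OOXML content types


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes: 'macro', 'legacy-ole', 'no-macro' or 'unknown'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may carry VBA; this sketch does not parse the format
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = {n.lower(): n for n in z.namelist()}
            if "[content_types].xml" not in parts:
                return "unknown"  # a zip archive, but not an Office document
            # Macros live in a vbaProject.bin part whatever the file is called.
            if any(n.endswith("vbaproject.bin") for n in parts):
                return "macro"
            types = z.read(parts["[content_types].xml"]).decode("utf-8", "replace")
            if any(m in types for m in MACRO_MARKERS):
                return "macro"
            return "no-macro"
    except zipfile.BadZipFile:
        return "unknown"


def triage(data: bytes) -> str:
    """Hypothetical policy: deliver only documents shown to be macro-free."""
    return "deliver" if classify_attachment(data) == "no-macro" else "quarantine"


def make_sample_docx(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped zip in memory (not a real CV)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder, not VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("clean CV", make_sample_docx(False)),
                        ("macro CV", make_sample_docx(True)),
                        ("old .doc", OLE_MAGIC + b"\x00" * 16),
                        ("not a doc", b"plain text")]:
        print(f"{label:10} {classify_attachment(blob):11} {triage(blob)}")
```

A check like this complements, rather than replaces, disabling macros by default and sandboxing: anything it cannot positively clear is held back for closer inspection.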