Weaponized Document Attacks: AppGuard Is Put To The Test


Data has become the most valuable commodity on earth. The power that comes with controlling an organization’s proprietary information is immeasurable, as proven by the substantial increase in ransomware attacks over the past year: 206.4 million attacks, per SonicWall.

Hackers are smart, creative, and have tremendous incentive to develop new ways to launch an attack that could result in a huge financial return. That’s why it’s critically important to stay on top of the latest strategies and attack methods that could make your organization the next victim.

One of the methods that has grown in popularity is weaponizing documents to infect a network with ransomware, malware, or other malicious code. Most often, weaponized documents are delivered as an email attachment, such as a Word, Excel or PDF file, that has been contaminated by adding malicious code as a macro. The email containing the weaponized document is generally designed to look like it comes from a trusted sender, such as an executive within the same organization. Once the recipient opens the attachment, the system is automatically infected and the damage is done.

We consider it our mission to increase industry education about this kind of sophisticated attack, and ensure that our offerings are capable of protecting our customers. To achieve that, we recently partnered with Red Phoenix Consulting to offer students of ECPI University an opportunity to perform penetration testing on AppGuard against weaponized document hacks using several attack vectors.

As part of the testing, a Business Email simulation was created. Several participants were given business-related roles such as CEO, CFO, and CISO, and email accounts were established for each role. To carry out the attack, an email was drafted to mimic the email of the CEO, requesting that the CFO send funds immediately to a certain account. The account information was included in an attached PDF with the company letterhead and all necessary information. The PDF was weaponized, and if it was opened, the system would become infected.

As mentioned, the ECPI University students used several attack vectors in addition to the Business Email simulation – but after launching more than 30 attacks, none were successful in infecting the network with AppGuard in place. AppGuard’s sophisticated protection engine and extensive logging functionalities provided not only an excellent defense, but advanced data aggregation that would be useful for future threat intelligence.

This successful testing of AppGuard was a clear demonstration of how Blue Ridge Networks’ solutions stand up against some of the most pressing cybersecurity challenges our customers are facing today.

To learn more about this validation testing with Red Phoenix Consulting, check out our whitepaper. Or, contact our team to talk more about how AppGuard could bolster your security infrastructure.