The technique uses object linking and embedding — a technology developed by Microsoft — to enable users to link and embed compound documents within existing documents.
Cyberattackers leverage this capability by sending users a Microsoft document with an embedded icon inside it, according to PhishMe. Once the user clicks the embedded object, it writes a script application that downloads and executes malware onto the computer system.
“Although this delivery method of malicious OLE objects is not new, it does reinforce an ongoing trend in which threat actors hope to circumvent technical controls,” the PhishMe analysis states.
Click here to view the full analysis.
More articles on health IT:
5 things data scientists want hospital leaders to know
Metro Community Provider Network agrees to $400k HIPAA settlement
10 guidelines for ethical data research
