August 3, 2020

Volume X, Number 216


U.S. Cyber Command Issues Warning About Microsoft Outlook Vulnerability

Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which warns that attackers are exploiting CVE-2017-1174, a two-year-old flaw in Microsoft Outlook, to install remote access Trojans and other malware.

U.S. Cyber Command recommends that the vulnerability be patched to prevent exploitation. The known flaw can be exploited once an intruder has access to credentials, which is usually accomplished through phishing attacks. Once the attacker has successfully obtained Outlook credentials, the attacker can change the user’s home page to a page the attackers have infected with malicious code that activates when Outlook is opened.

Security researchers believe the attacks are being launched by Iran-backed group APT33, and are in response to the political tensions with Iran. According to the security researchers, APT33 has been using brute force attacks with commonly used passwords.

The cyber tensions between the U.S. and Iran are continuing and do not look like they will stop in the near future. U.S. businesses are being attacked and are caught in the crossfire, so awareness of the warnings provided by U.S. Cyber Command and U.S.-CERT (Computer Emergency Readiness Team) is important to stay abreast of new threats and vulnerabilities. Since these latest attacks are being launched through brute force attacks, educating employees on these threats and reinforcing strong passphrases are an obvious first response.

Copyright © 2020 Robinson & Cole LLP. All rights reserved. National Law Review, Volume IX, Number 192


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...