New Cyber Attacks FreeMilk & PoohMilk Unearthed as Major Cyber Threats

By Faiz Askari, Founder of SMEStreet.in

Digital is growing exponentially so as the complexities. These complexities include some evolving and continuously graduating threats which are often termed as cyber attacks. One of such advancements is recently reported by some hard working IT security researchers.

We are talking about the recent, new spear-phishing campaign that intercepts an active conversation and hijacks them to spread malware using highly-customised emails designed to look as if they are coming from the original sender. This is fairly unique way of digital intrusion and such malware attack is dubbed as “FreeMilk”.

This FreeMilk is used by the hackers to infiltrate the computers using malicious codes and retrieve confidential information without even getting noticed.

The attack leverages CVE-2017-0199, a remote code execution vulnerability in the way Microsoft Office and Wordpad parse specially crafted files – which was subsequently patched in April this year.

In order to explore any guideline to stay safe from this new cyber attack, it is important to understand how it actually works.

FreeMilk Affect & Impact on Victim’s System

Upon successful execution of a FreeMilk phishing attack, two payloads named 'PoohMilk' and Freenkin gets installed on the targeted system

PoohMilk’s primary motive is to run the Freenki downloader. Freenki, on the other hand, performs two different task -the first is to collect information from the host and the second is to act as a second-stage downloader which further downloads sophisticated malware.

Commenting on this new cyber attack trend, Ankush Johar, Director at HumanFirewall.com, says, “Information collected by the malware include username, computer name, ethernet MAC addresses, and running processes. Besides this, Freenki can take screenshots of the victim’s system, with all the information sent to a command server for the attackers to store and use.”

HumanFirewall is a provider of human information security awareness and preparedness solutions.

Further elaborating, Johar added “Freemilk is exploiting the CVE-2017-0199 vulnerability in Windows which was patched in April 2017. Therefore, ensure that any computer that has not been patched since before April, 2017 is not allowed to go on your the network.”

Suggesting a first level preparedness to get safeguarded from such attacks, Johar said “Firstly, patch all your computers using the official security update if not done already. (https://support.microsoft.com/en-us/help/3141538/description-of-the-security-update-for-office-2010-april-11-2017). It is important to ensure general hygiene for protection.”

While sharing some more insightful information on these recent attacks such as FreeMilk, PoohMilk, Johar said, “As of now the actors behind this attack have not been identified. However, the security researchers have found out that “PoohMilk” tool has been previously used in January 2016 in which the phishing emails were disguised as a security patch.”

It is noteworthy to know, that attackers also attempted to distribute “Freeniki” in an August 2016 watering-hole attack on an anti-North Korean government website by defectors in the United Kingdom

How does this affect India?

Due to the massive number inactive, un-patched and outdated windows machines especially in the government & small-medium scale organisations, these series of attacks can be deadly for India. All machines that aren’t updated with the patch that was released in April are at a severe risk and can aid cyber criminals and state actors in gaining access to even the most sophisticated networks.

9 key points  to Stay Safe from FreeMilk & PoohMilk Cyber Attacks

FOR CONSUMERS

1. Use the latest Operating System.
2. Make sure automatic updates are enabled, and downloaded regularly.
3. Ensure Firewall is enabled to block all network based attacks.
4. Never Click/Download anything on Emails from untrusted sources. Make sure the mail is from a trusted party, only then download the attachments.
5. Use a proper, regularly updated Antivirus. 

FOR ORGANISATIONS

6. Latest patches must instantly be deployed across the company.
7. All pirated / un-patched / outdated devices to be removed (read unplugged) from the network instantly.
8. Employees to be trained to detect and protect against Phishing and other such scams.
9. Antiviruses ensured to be in place and updated.

More Stories from Faiz Askari on SMEStreet

Related articles across the web

• Hacking warning: Kim Jong-un's henchmen to step up cyber attacks and target City of London
• Deloitte hit by cyber attack