How a simple office prank can lead to serious damage

Collaboration tools can become a vector for malware propagation.

Harry had been raising hell for about ten minutes already. He had a habit of finding fault in everything, from the signature in a letter not following the template to papers being stacked improperly. But today, in fairness, his complaints had some merit: John had failed to send a draft report yesterday. Nevertheless, he didn’t have to yell. After all, no one would have been around to open it the previous evening.

John knew he didn’t have a leg to stand on. After all, Harry had written up the system administrator the previous month for leaving cables lying messily on her desk. He said that everything must be kept orderly! The system administrator had picked up those cables, thrown them on Harry’s desk, and resigned on the spot. Good for her, John thought, but I can’t afford to do that. Instead, he listened patiently while his boss — face flushed, shaking with anger — dressed him down.

“What a ridiculous man,” John thought afterward, as his boss went back into his office. It ruined his mood for the entire rest of the day. He felt utterly demoralized.

An alert from his IM client caught his attention: Mark, who was sitting at the next table, had sent a link to the corporate OneDrive.

“What’s that?” John sent back.

“Open it and find out ;)”

“I am not in the mood.”

“Just open it and you’ll feel lot better :))))”

So, John followed the link. The folder contained a PowerPoint file, so John clicked on the filename to open it. The presentation was just a single slide with a video loop. A twitching little man walked across the screen and cursed at all the objects that he encountered along the way. Over the man’s head, speech bubbles appeared in which he cursed at the table because it was flat, at the fire extinguisher because it was red, and so on. Then he angrily kicked the office chair right out of the frame, and then he again walked past the table. The man’s hairstyle made it very clear which real-life personage had inspired the caricature. It was silly. But funny.

“Where did you get this? Did you make it yourself? :)”

“Search me. I don’t know who made it, but it’s been going around the office for about two weeks now.”

“I just hope Harry doesn’t see it. I wonder who created it.”

“Well, about half the company is mad at him.”

Silly or not, the animation had lightened his mood, and by the end of the day John was feeling a lot better.

But the next day, the entire company faced a terrible surprise. The building was on lockdown, but crawling with strangers from a forensics company who were removing hard drives from computers.

John tried to remember if anything peculiar had happened to his computer. Nothing came to mind except that video — something was unusual with the way Mark sent it. The company had blocked social media a while back, so the team usually shared memes over e-mail. He had never used OneDrive before. John approached Mark.

“Listen, I wanted to ask you. Why did you send me that presentation using OneDrive instead of e-mail?”

“What presentation? Oh, I know what you’re talking about. I think the first person who tried to send it by e-mail got an error, so everyone just switched to IM and OneDrive.”

“What kind of error?”

“How should I know?”

A day later, the experts gave their verdict: It was a wiper attack. An attacker had created a malicious file and disguised it as a silly animated video clip. Apparently, it was an insider. Thanks to his understanding of the team’s psychology, the file was sent all over the network and ran on about half of the workstations in the company. Then, on the boss’s birthday, the malware activated and destroyed all of the data it could, including on both local hard drives and network drives connected as local folders.

Malware doesn’t need a malicious insider to spread across a corporate network — just careless employees and insecure file storage. Employees may not think about security when transferring files using work tools, either. After all, the platforms are reliable and proven, right?

As it turns out, not necessarily.

That is why the new version of Kaspersky for Office 365 adds a system that scans the files employees load onto the corporate OneDrive, so you can prevent that means of spreading malware from one workstation to another. Learn more and sign up for a trial version of the Kaspersky for Office 365 here.

Tips