Threat Coverage

Jun 13, 2017

Hacker’s Playbook Updated with PowerPoint Mouse-over Methods


SafeBreach Labs has updated the Hacker’s Playbook™ with simulations for Microsoft PowerPoint slideshows which contain malicious mouse-over hyperlinks. Customers can use these simulations to safely test their security controls against the specific tactics and techniques used in campaigns that leverage malicious mouse-over links within PowerPoint files.

The breach simulates an infiltration method which uses a Microsoft PowerPoint slideshow containing a malicious mouse-over hyperlink. When the user hovers their mouse over the hyperlink, a PowerShell script is initiated, which attempts to download and execute malware.

To assess security control effectiveness against this new mouse-over infection method, the SafeBreach Continuous Security Validation Platform specifically tests the following endpoint and network security controls:

Playbook #1323 – Malicious PowerPoint with mouse-over downloader

  • Endpoint controls – Are controls in place that prevent the execution of a PowerShell script which is kicked off after mousing over a malicious link?
  • Network and endpoint controls – Are controls in place to stop the malware payload from being downloaded, installed or run?
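
One way a defender can inspect a presentation for the mouse-over links described above, as an added example that is not SafeBreach code. It assumes the link is stored as a DrawingML `hlinkMouseOver` element whose relationship target names the program to run; the function names and the two-part sample archive are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer the defusedxml package

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def find_mouseover_actions(pptx_bytes):
    """Return (slide part, action, relationship target) for each mouse-over link."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        for part in sorted(names):
            m = re.fullmatch(r"ppt/slides/(slide\d+\.xml)", part)
            if not m:
                continue
            # Each slide keeps its link targets in a sibling .rels part.
            rels_part = f"ppt/slides/_rels/{m.group(1)}.rels"
            rels = ET.fromstring(z.read(rels_part)) if rels_part in names else ET.Element("none")
            targets = {r.get("Id"): r.get("Target", "")
                       for r in rels.iter(f"{{{REL_NS}}}Relationship")}
            for el in ET.fromstring(z.read(part)).iter(f"{{{A_NS}}}hlinkMouseOver"):
                target = targets.get(el.get(f"{{{R_NS}}}id"), "")
                findings.append((part, el.get("action", ""), target))
    return findings

def is_suspicious(action, target):
    """Flag program-launch actions and targets that name a script host."""
    return (action.startswith("ppaction://program")
            or re.search(r"powershell|cmd\.exe|wscript|mshta", target, re.I) is not None)

def build_sample():
    """Constructed archive (not a complete presentation) with placeholder targets."""
    slide = (f'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A_NS}" xmlns:r="{R_NS}">'
             f'<a:hlinkMouseOver r:id="rId2" action="ppaction://program"/>'
             f'<a:hlinkMouseOver r:id="rId3" action="ppaction://hlinksldjump"/></p:sld>')
    rels = (f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId2" Type="{R_NS}/hyperlink" '
            f'Target="powershell.exe PLACEHOLDER_ARGS" TargetMode="External"/>'
            f'<Relationship Id="rId3" Type="{R_NS}/slide" Target="slide2.xml"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()
```

A mail or web gateway could call `find_mouseover_actions` on each attachment and quarantine files where `is_suspicious` returns true; ordinary slide-jump mouse-overs are reported but not flagged.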

The SafeBreach Hacker’s Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.
