There is a weakness in the Microsoft Office suite that hackers have exploited for years and that most people know about, yet it still causes a lot of damage.
This weakness is in the macro feature, which allows for malicious Visual Basic scripts to be embedded in MS Office documents, leading to data leaks and ransomware attacks. According to Cofense, Office macros are the most popular mechanism of delivery, accounting for 45% of the cases of infections. They’re even more popular than PowerShell scripts and WSC downloaders.
To make things even more serious, attacks delivered by macros are not low-intensity. It seems that the worst types of malware (such as Chanitor, GandCrab, or Geodo) can be easily introduced into your IT network using Office macros.
Why Do We Still Use Macros?
Macros add a wide range of features to MS Office documents, and many organizations rely on them for day-to-day tasks. As a result, they’re difficult to disable and (in most cases) are enabled by default on a computer. If they are not, it only takes one click to activate them, which sets the first stages of an attack in motion.
Even more, if the macros are already enabled, the user won’t even receive a warning that they just opened a malicious document. Of course, warnings are not highly effective as they can be easily ignored (which tends to happen more often than not).
The victim of a ransomware attack usually receives an email with an Office document attached, which is quite common in the business world. However, the document may contain a malicious macro, which will run as soon as the document is opened if macros are enabled on the computer.
How to Protect your Business
If upon reading this you feel like completely giving up MS Office, let us tell you this is not the solution. Most businesses today use this package to create all sorts of documents, and not using it usually means alienating yourself from partners and possible clients.
The solution lies in applying several security strategies that allow thorough control of documents received from unknown senders. It’s also important to educate your staff in IT security, so they will be able to recognize a problem and notify the people who can solve it right away.
Ask your network administrators and IT specialists to apply a layered approach, since an antivirus solution alone is usually not effective against ransomware. Combining an antivirus solution with several other layers of protection reduces the vulnerability of your computers and servers.
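One such layer is a check on inbound attachments for macro-capable Office files. The sketch below is an added example, not Onsite Helper's own code: it relies on the fact that macro-enabled Office Open XML packages carry a `vbaProject.bin` part and that legacy binary documents start with the OLE2 signature. The function names, the quarantine policy and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can carry VBA; confirming it needs an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an Office Open XML package
    # Macro-enabled packages store the VBA project in a vbaProject.bin part.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "ooxml-macro"
    return "ooxml-clean"

def gateway_action(data: bytes, sender_known: bool) -> str:
    """Hypothetical policy: hold macro-capable files from unknown senders."""
    kind = classify_attachment(data)
    if kind in ("ooxml-macro", "legacy-ole") and not sender_known:
        return "quarantine"
    return "deliver"

def _make_package(parts: dict) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample inputs (not real documents).
CLEAN_DOCX = _make_package({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"})
MACRO_DOCM = _make_package({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>",
                            "word/vbaProject.bin": b"\x00placeholder"})
LEGACY_DOC = OLE2_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_DOCX), ("macro", MACRO_DOCM), ("legacy", LEGACY_DOC)]:
        print(label, classify_attachment(blob), gateway_action(blob, sender_known=False))
```

The check inspects file content rather than the file extension, so a macro-enabled package that has been renamed is still flagged.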
For more information, please read this white paper on how to apply layered security: https://www.onsitehelper.com/resources/whitepaper-layered-security-business/#cloud_phones_box1.
If you don’t know who to call for advice and help, the Onsite Helper team of experts is at your disposal. Give us a call/send us an email today and we’ll talk about your problem!