Researchers have found that cyberattacks using malicious Office documents have been on the rise for months. Read on to learn more.
As threat actors rake in unprecedented ransomware payouts, cyberattacks have surged over the last year. Malicious Office documents are the latest trend in cybercriminal behaviour, according to a recent Atlas VPN report; a timely tactic, as enterprises halt office reintegration plans and continue to operate remotely owing to the COVID-19 pandemic. So, how exactly does this exploitation work?
William Sword, Atlas VPN cybersecurity researcher, stated in a blog post about the findings: “Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people.”
“After creating a malicious macro on office documents, threat actors send the infected file to thousands of people via email and wait for possible victims. A macro is a series of commands bundled together to accomplish a task automatically.”
“By inserting harmful macros into Word or PDF documents, threat actors have profited from victims falling for their phishing attacks,” Sword said. “Cybersecurity education and training is the key to protect yourself or even your organization from such threats.”
Remote Working Factors
The Atlas VPN findings were based on Netskope Threat Labs’ July Cloud and Threat Report and cover “various office documents from all platforms”, including Microsoft Office 365, Google Docs, PDFs and others. Malicious Office documents accounted for 43 percent of all malware downloads in the second quarter of this year, up from 34 percent in both the first quarter of this year and the fourth quarter of 2020, according to Atlas VPN.
“Harmful office files are popular among cybercriminals as they usually can evade detection by many antivirus software,” Sword explained in the post.
According to Atlas VPN, malicious Office documents accounted for 38 percent of all downloaded malware in the third quarter of 2020, compared to 14 percent in the second quarter of 2020 and 20 percent in the first quarter of last year. Sword said the spike that occurred between the second and third quarters of last year “was mainly influenced by remote work as cybercriminals found malware-infected documents to be effective.”
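A practical check to go with the macro mechanism Sword describes above, and with his point that such files often slip past antivirus: the following Python script is an added example written for this page, not code from Atlas VPN, Netskope or Microsoft. It inspects Office files for embedded VBA projects. OOXML documents (.docx/.docm, .xlsx/.xlsm, .pptx/.pptm) are ZIP packages that declare a VBA project in [Content_Types].xml with the content type application/vnd.ms-office.vbaProject and carry it as a vbaProject.bin part; legacy OLE2 files (.doc/.xls) start with the magic bytes D0 CF 11 E0 A1 B1 1A E1 and are checked here only with a coarse heuristic (the UTF-16LE stream name `_VBA_PROJECT` appearing in the file), not a full OLE directory walk. The sample documents are constructed in memory for the demonstration; they are not real Office files, and the vbaProject.bin payload is a placeholder.

```python
import io
import zipfile

# Format facts from OOXML and OLE2 (these are real, not assumptions).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Stream names inside an OLE2 compound file are stored as UTF-16LE.
OLE2_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
# Extensions Office uses for packages that must not carry macros.
MACRO_FREE_EXTENSIONS = {"docx", "xlsx", "pptx"}


def inspect_office_file(name: str, data: bytes) -> dict:
    """Return a verdict for one file: container format, whether VBA is present, and why."""
    verdict = {"name": name, "format": "unknown", "has_macros": False, "reasons": []}

    if data.startswith(OLE2_MAGIC):
        verdict["format"] = "ole2"
        # Coarse heuristic only: a production scanner would walk the OLE
        # directory tree (e.g. with olefile/oletools) rather than grep bytes.
        if OLE2_VBA_MARKER in data:
            verdict["has_macros"] = True
            verdict["reasons"].append("OLE2 stream name _VBA_PROJECT present")
        return verdict

    if data[:2] == b"PK":
        try:
            package = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            verdict["reasons"].append("PK signature but not a readable zip")
            return verdict
        verdict["format"] = "ooxml"
        with package:
            parts = package.namelist()
            vba_parts = [p for p in parts if p.lower().endswith("vbaproject.bin")]
            if vba_parts:
                verdict["has_macros"] = True
                verdict["reasons"].append(f"VBA project part present: {vba_parts}")
            try:
                content_types = package.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                content_types = ""
                verdict["reasons"].append("missing [Content_Types].xml")
            if VBA_CONTENT_TYPE in content_types:
                verdict["has_macros"] = True
                verdict["reasons"].append("[Content_Types].xml declares a VBA project")
        # A macro-bearing package behind a macro-free extension is worth flagging on its own.
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if verdict["has_macros"] and ext in MACRO_FREE_EXTENSIONS:
            verdict["reasons"].append(f"extension mismatch: macros inside a .{ext}")
        return verdict

    verdict["reasons"].append("not an OLE2 or OOXML container")
    return verdict


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal Word package for the demo; not a document Word would open."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml" if with_macros
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    if with_macros:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as package:
        package.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            f"{overrides}</Types>",
        )
        package.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes, not a real compiled VBA project.
            package.writestr("word/vbaProject.bin", b"placeholder-not-a-real-vba-project")
    return buf.getvalue()


def build_sample_ole2(with_macros: bool) -> bytes:
    """Constructed bytes carrying the OLE2 magic; just enough to exercise the heuristic."""
    body = OLE2_MAGIC + b"\x00" * 512
    if with_macros:
        body += OLE2_VBA_MARKER + b"\x00" * 64
    return body


def scan_samples() -> dict:
    """Run the check over the constructed samples; returns {filename: verdict}."""
    samples = {
        "quarterly-report.docm": build_sample_ooxml(True),
        "quarterly-report.docx": build_sample_ooxml(False),
        "invoice.docx": build_sample_ooxml(True),  # macros behind a macro-free extension
        "old-memo.doc": build_sample_ole2(True),
        "clean-memo.doc": build_sample_ole2(False),
    }
    return {name: inspect_office_file(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        flag = "MACROS" if verdict["has_macros"] else "clean "
        print(f"{flag}  {name:<24} {verdict['format']:<7} {'; '.join(verdict['reasons'])}")
```

Presence of a VBA project is not the same as malice (plenty of finance spreadsheets carry legitimate macros), so in practice a verdict like this feeds a mail-gateway policy (quarantine or strip macro-bearing attachments from external senders) rather than a block on its own.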
WFH Security Challenges
Companies switched to remote operations almost immediately after COVID-19 began. As remote employees log on for the workday via their home networks and a mix of personal and company devices, the mass transition brought new cybersecurity challenges.
Stephen Boyer, Chief Technology Officer (CTO) of BitSight, said: “When the shift to remote and hybrid work happened, the malware that was on office networks shifted to employees’ networks at home.”
Citing company research, Boyer said home networks are 3.5 times more likely than corporate networks to “have at least one family of malware,” and 7.5 times more likely to have at least “five distinct families of malware.”
Boyer said: “It’s easier, and even trivial, for attackers to distribute malware when businesses are operating remotely, because employees don’t have the same level of cybersecurity protections on their networks or devices.”
“The ability to detect and respond to [threats] on home networks is next to zero, so the level of sophistication and evasion needed for a successful malware attack is much lower than it was before the pandemic.”
In recent months, after more than a year of remote work, several firms had begun their return-to-office plans, but the global spread of the Delta variant of the coronavirus and rising case numbers have pushed those deadlines back. In the meantime, companies may need to take proactive measures to secure their extended networks, especially as attackers refine their favoured attack methods.
According to a Barracuda Networks analysis released in July, the average firm is subjected to over 700 social engineering attacks every year. Phishing accounted for 49 percent of the social engineering attacks analysed by Barracuda researchers, followed by scamming (39 percent), business email compromise (BEC, 10 percent) and extortion (2 percent).
Microsoft said that users must keep Microsoft Defender Antivirus and Microsoft Defender for Endpoint updated and running so that attempts to exploit the vulnerability are detected and infection is prevented. It also suggests disabling all ActiveX controls in Internet Explorer, which makes them inactive for all websites. Microsoft’s security advisory includes instructions for doing this, which involve editing the registry and rebooting the computer.