Last updated on April 7th, 2021
Exploiting Microsoft Office macros is still the most common method to infect computers with malware, security researchers have confirmed.
Security researchers at Proofpoint found that 1 in 10 attacks specifically target vulnerabilities in Microsoft Office macros to deliver malware to a victim’s computer. We explain what this means and how you can avoid falling victim to this scam.
One thing you’ll hear us and anyone in cybersecurity warning against is opening up email attachments, even if the email appears to come from someone you know or trust. Scammers can easily spoof the sender’s details to anything they want, and they can also use creative stories to lure a recipient into opening an attachment. We call that social engineering.
But many people still do open email attachments, and are more likely to if they see an attachment is, for example, a Microsoft Word or Microsoft Excel file. Because Word and Excel are legitimate programs, many believe such files can’t be used to initiate a malware infection. But that’s wrong. They can and are used to spread malware.
And that’s because of macros. These are small files embedded in Office documents (like Word or Excel) that contain a series of automated commands that help the Office software complete certain tasks. However, the vulnerability of macros lies in the fact that anyone can code them and embed them in a specific document. Even crooks. A second vulnerability is that they can be coded to download content from the Internet. Yes, that means malware.
So the Office document itself wouldn’t be considered malware. But it is a malware loader. It downloads the malware from the Internet.
Because macros are such a risk in this way, Microsoft disables them automatically when it detects a document arrived from the Internet. But when a user opens a document, the document will ask the user if they want to enable certain content (messages like the one below.) Enabling it will enable macros, which then puts a computer at risk.
This makes it harder for malware crooks, who now not only have to persuade a recipient to open an email attachment in the first place, but also to trick them to enable content in a security warning that appears once the document is open.
Sponsored Content. Continued below...
But research suggests that crooks are still managing by incorporating this security warning in their social engineering techniques. (i.e. telling a victim that they must enable content.)
It’s definitely past time we made this type of attack obsolete. And because we have two lines of defense, we should be able to do that.
First line of defense: Don’t open email attachments unless you were specifically expecting something to be sent to you at a specific time. And remember, even Office documents can be dangerous.
Second line of defense: If you do open an Office document that was sent via an email attachment, and now you’re being told to enable content (i.e. enable macros) – don’t do it!
Spreading this simple information can help us stop the most method crooks utilise to spread malware.
