In 2015, we observed an increase in macro-based malware along with a spike in spam volume. The majority of macro-based attacks start with spammed messages containing attachments such as Microsoft Word documents and Excel files. These messages often use attention-grabbing topics, mostly related to finances, such as remittances and invoices for services.
Macro malware, as we have seen throughout the past year or so, is experiencing a revival of sorts, driven by social engineering. Thought to have been banished in the early 2000s, macro malware is proving to everyone that old threats die hard.
What are macros?
Macros are sets of commands or code meant to help automate certain tasks, most often in software such as Microsoft Excel or Word. Recently, however, the bad guys have yet again been using them heavily to automate their malware-related tasks as well.
What happens when the user opens an attachment and enables macros?
Most documents that carry macro-based ransomware include some sort of explanation or excuse to encourage you to ‘enable editing’ and change your security settings – often, ironically, under the guise of improving security somehow.
Enabling macros in this instance will allow the PC to run the code, download the ransomware as an EXE (Windows program) file, and run it.
To combat macro malware, Microsoft built a permission-based step for enabling macros that serves as a double check. Microsoft Office now disables all macros by default, so macros cannot run without the user’s permission.
The most likely outcome for this type of threat is that the malware will attempt to encrypt all data it can access. This type of malware is termed ransomware: it will attempt to encrypt all data the PC or its users have access to and render it useless. It will then typically replace the user’s desktop background with a ransom notice requesting payment in order to receive the key that lets you decrypt your data.
Security tips
- Ensure your accounts don’t all have admin rights or access to data they don’t need to have at all times.
- Disable Macros wherever possible
- Use great caution when opening attachments, especially when those attachments carry the .doc or .xls extension.
- Never open unsolicited emails or unexpected attachments—even from known people.
- Implement a robust patching/update cycle on all IT hardware to keep it patched against known vulnerabilities
- If you have mail filters, have them block dangerous file types (e.g. zip files)
- Consider disabling USB ports unless they are essential
- Back up your data: image-based backups are the best type, but back up files if nothing else
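
One way a mail filter could act on the attachment tips above, shown as an added example that is not part of the original post: classify an attachment by its content rather than its extension, and hold Office files that carry a VBA macro project. The function names, the quarantine policy and the sample bytes are constructed for illustration, and the legacy-format check is a heuristic byte search rather than a full OLE2 parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML: .docx/.docm/.xlsx/.xlsm
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")    # OLE2 stream names are UTF-16LE


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'office-no-macro' or 'other' from the bytes alone."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic byte search, not a full OLE2 directory parse.
        return "macro" if VBA_MARKER in data else "office-no-macro"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "other"
        if "[content_types].xml" not in names:
            return "other"  # ordinary zip archive, not an Office document
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
        return "office-no-macro"
    return "other"


def filter_decision(filename: str, data: bytes) -> str:
    """Hypothetical gateway policy: hold macro-bearing files, whatever the name."""
    return "quarantine" if classify_attachment(data) == "macro" else "deliver"


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-shaped zip for the demo; not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docx": build_sample(with_macro=True),   # macro file, renamed
        "report.docx": build_sample(with_macro=False),
        "remittance.doc": OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER,
    }
    for name, blob in samples.items():
        print(name, "->", filter_decision(name, blob))
```

Because the decision is made on the file's contents, a macro-enabled document renamed to `.docx` is still held.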
Being aware of the types of cyber scams is also the best way to avoid becoming a victim. Test your knowledge in our 10-question Quiz “Are you the weakest link?” to see your ability to stay safe in today’s tech-driven world.
