Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems.

Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems while using phishing techniques to trick employees into downloading and opening malicious attachments in emails.

 

The latest Internet Security Report released by WatchGuard Technologies has revealed how hackers are increasingly exploiting issues within the Microsoft Office standard to execute code and to inject powerful malware into enterprise systems. 

 

In fact, ‘macro-less malware’ attacks or Dynamic Data Exchange (DDE) attacks featured in the firm’s list of top-ten malware attack types for the firm time and also grew by 33 percent compared to the previous quarter. Two other hacking techniques that leveraged Microsoft Office weaknesses also featured in the list for the first time.

 

Commenting on the report’s findings, Andy Norton, director of threat intelligence at Lastline, said that it is quite difficult nowadays for employees to detect if a Microsoft Word document is malicious or not as cyber-criminals are using new techniques to weaponise such documents. 

 

“The attacks abuse features in MS Office documents such DDE or Scriptlets. The ruse is often “this document is protected, enable editing to view content”. So, in a percentage of cases, the user enables editing and in doing so starts the infection chain.  

This article originally appeared at scmagazineuk.com



Source link

NO COMMENTS

LEAVE A REPLY