Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems while using phishing techniques to trick employees into downloading and opening malicious attachments in emails.
The latest Internet Security Report released by WatchGuard Technologies has revealed how hackers are increasingly exploiting issues within the Microsoft Office standard to execute code and to inject powerful malware into enterprise systems.
In fact, 'macro-less malware' attacks or Dynamic Data Exchange (DDE) attacks featured in the firm's list of top-ten malware attack types for the firm time and also grew by 33 percent compared to the previous quarter. Two other hacking techniques that leveraged Microsoft Office weaknesses also featured in the list for the first time.
Commenting on the report's findings, Andy Norton, director of threat intelligence at Lastline, told SC Magazine UK that it is quite difficult nowadays for employees to detect if a Microsoft Word document is malicious or not as cyber-criminals are using new techniques to weaponise such documents.
"The attacks abuse features in MS Office documents such DDE or Scriptlets. The ruse is often "this document is protected, enable editing to view content". So, in a percentage of cases, the user enables editing and in doing so starts the infection chain.
Corey Nachreiner, chief technology officer at WatchGuard Technologies, said that the report has reiterated how cyber-criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data.
"Although these criminal tactics may vary over time, we can be certain that this broad trend will persist, so the risks have never been greater for small and midsize organisations with less IT and security resources," he said.
How to protect your organisation from these threats?
According to Nachreiner, businesses must proactively mitigate these threats with layered security services, advanced malware protection and employee education and training in security best practices.
Steve Malone, director of security product management at Mimecast, told SC Magazine UK that "organisations need multiple layers of security checks at the gateway, including deep-file inspection, sandbox analysis and conversion to safe formats. Email management policies can also hold suspicious files for administrator review or warns users to apply more caution. Timely patches to endpoint security and detailed employee training can help bolster the last lines of defence.”
According to Norton, several enterprises are now "inserting a layer of behavioural intelligence between the attackers and the user" to inspect attachments in emails and prevent their employees from being phished.
"This behavioural intelligence would detonate the document in an instrumented environment and record the attack, witnessing PowerShell opening network connections and downloading secondary payloads, that then steal passwords and record key strokes, then making a security decision to block the delivery of the document.
"This takes the emphasis away from the user in being the last line of defence against this type of attack. Without behavioural intelligence it would not be possible to produce security trend reports like this one," he added.