One of the best ways to infect a PC has, until now, been through Office macros. But, now that they’re disabled by default, what are the hackers going to do?
The numbers of hacks that have involved Office macros over the last 20 years is mindboggling. And they have involved some major attacks, such as ThreatNeedle, during this period. Accordingly, Microsoft decided that 2022 would be the year the security risk of macros was put to bed once and for all. This, as you would imagine, has put a major thorn in the side of hackers. Nonetheless, hackers are as determined as they are malicious. Therefore, they have had to refine their attack strategies and adopt new methods.
And it’s crucial that you know what they have up their sleeves.
How Have Hackers Adapted their Attacks?
Now the exploits offered by internet macros have been greatly diminished, hackers have evolved their techniques to maintain a sting in their tail.
Most notably, a significant rise in container-based attacks has been observed, but what are container-based attacks? Well, container files are any files which allow multiple data sources to be embedded in one file e.g. a .zip or .rar file can contain numerous files which are all compressed into one ‘container’ file. So, a threat actor could, for example, deliver a .zip file packed full of malware as an email attachment.
HTML smuggling has also been adopted as a popular alternative to Office macros. This form of attack involves a threat actor ‘smuggling’ infected scripts into web pages and/or associated HTML attachments. All it takes for the scripts to be activated on a victim’s PC is for the HTML to be loaded into their browser. Therefore, simply visiting a website is enough to download and activate malware, and the innocent party would have no idea an attack was unfolding in front of them.
Another increase in popularity has been noted in the form of infected .lnk files. These are files which act as shortcuts/links and, while they can be used to direct users to safe URLs, they have the potential to forward victims onto malicious websites and initiate unsafe downloads.
How Can You Keep Pace With These Techniques?
You may be able to breathe slightly easier now that macros have been disabled by default, but you need to remain alert. Make sure you counter the new threats above by practicing the following:
- Always be wary of attachments: any email attachment should still receive the same amount of scrutiny. Regardless of whether it’s from a colleague or an unknown sender, there’s a risk that it may be malicious. So, before you open any attachment, evaluate how genuine it is and, if any doubt remains, refer it to your IT team to take a closer look.
- Make sure websites are safe: most modern security suites will evaluate websites before your browser loads them up. For example, if a website is deemed malicious, your security suite should prompt you to confirm if you wish to continue. However, the presence of any prompt should immediately ring alarm bells. And, as you’ve probably guessed, it’s best to get any red flags verified by an IT professional before proceeding.
For more ways to secure and optimize your business technology, contact your local IT professionals.