One of the best ways to infect a PC has, until now, been through Office macros. But, now that they’re disabled by default, what are the hackers going to do?

The numbers of hacks that have involved Office macros over the last 20 years is mindboggling. And they have involved some major attacks, such as ThreatNeedle, during this period. Accordingly, Microsoft decided that 2022 would be the year the security risk of macros was put to bed once and for all. This, as you would imagine, has put a major thorn in the side of hackers. Nonetheless, hackers are as determined as they are malicious. Therefore, they have had to refine their attack strategies and adopt new methods.

And it’s crucial that you know what they have up their sleeves.

How Have Hackers Adapted their Attacks?

Now the exploits offered by internet macros have been greatly diminished, hackers have evolved their techniques to maintain a sting in their tail.

Most notably, a significant rise in container-based attacks has been observed, but what are container-based attacks? Well, container files are any files which allow multiple data sources to be embedded in one file e.g. a .zip or .rar file can contain numerous files which are all compressed into one ‘container’ file. So, a threat actor could, for example, deliver a .zip file packed full of malware as an email attachment.

HTML smuggling has also been adopted as a popular alternative to Office macros. This form of attack involves a threat actor ‘smuggling’ infected scripts into web pages and/or associated HTML attachments. All it takes for the scripts to be activated on a victim’s PC is for the HTML to be loaded into their browser. Therefore, simply visiting a website is enough to download and activate malware, and the innocent party would have no idea an attack was unfolding in front of them.

Another increase in popularity has been noted in the form of infected .lnk files. These are files which act as shortcuts/links and, while they can be used to direct users to safe URLs, they have the potential to forward victims onto malicious websites and initiate unsafe downloads.

How Can You Keep Pace With These Techniques?

You may be able to breathe slightly easier now that macros have been disabled by default, but you need to remain alert. Make sure you counter the new threats above by practicing the following:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Defense firms in over a dozen countries have found themselves targeted by a new backdoor threat named as ThreatNeedle. And it’s hitting firms hard.

The last thing that a defense firm wants is for their networks to be breached. Not only does it damage their reputation as a defense firm, but it puts significant data at risk. Hackers, of course, love to cause trouble, so a defense organization is the perfect target. But the hackers behind the ThreatNeedle malware are more than just a minor hacking group. The threat is believed to come from Lazarus, a secretive hacking group with ties to the North Korean government.

As this is a major threat we’re going to put ThreatNeedle under the microscope for a closer look.

What is ThreatNeedle?

ThreatNeedle takes a spear phishing approach to begin its campaign and does this by faking email addresses that look as though they belong to the target company. This move, which is relatively easy with an email server and the right software, allows the victims to be lulled into a false sense of security. This scenario is then exploited by embedding malicious links or attaching infected documents. Often, these emails have been laced with a COVID-19 theme in order to fully engage the user, but any subject may be used to rush the recipient into action.

The attackers, once the ThreatNeedle payload has been unleashed, are then able to take control of the victim’s PC. Naturally, this means that they will carry out typical hacking attacks such as:

  • Executing remote commands to run applications and download further malware
  • Send workstations into hibernation mode to disrupt IT activities
  • Log data and transmit to a remote PC where it can be archived and exploited

However, ThreatNeedle also has an innovative ace up its sleeve. Generally, if a network is segmented then malware will be limited to the segment it infects. This limits the amount of damage that can be caused to an entire network. So, for example, a set of PCs which are not connected to a network by the internet should be safe from all hacks. Unfortunately, ThreatNeedle is able to take advantage of IT department’s administrator privileges. This grants them the opportunity to access all segmented areas of a network. And it maximizes the damage they can cause.

How Do You Protect Against ThreatNeedle?

As with all malware, you don’t have to fall victim to ThreatNeedle. You just need to keep your wits about you and understand its threat. You can do this by carrying out the following:

  • Educate Staff on Phishing Emails: It’s important that your staff are fully trained on the dangers of phishing emails. Social engineering is a popular technique employed by hackers, but it can be thwarted if you know what to look for.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More