Malicious office documents: The latest trend in cybercriminal exploitation

Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office documents have been on the rise for months, according to a new report.



Cyberattacks have increased over the past year as criminals rake in record ransomware payouts. According to a recent Atlas VPN report, malicious office documents are the latest trend in cybercriminal behavior; a timely strategy as companies pause office reentry plans and continue to work remotely due to COVID-19. So, how does this cyber-ruse work?

“Despite the fact that infecting office documents with malware has been established for a very long time, it’s nonetheless very successful at tricking folks,” said William Sword, Atlas VPN cybersecurity researcher, in a blog post about the findings. “After making a malicious macro on office documents, threat actors send the contaminated file to thousands of individuals via email and watch for potential victims. Macro is a collection of instructions bundled together to perform a job mechanically.”

Remote work and malicious office documents

Overall, the Atlas VPN findings were determined using Netskope Threat Labs’ July Cloud and Threat report and “numerous office documents from all platforms” including Microsoft Office 365, Google Docs, PDFs and others. According to Atlas VPN, malicious office documents represented nearly half of all malware downloads (43%) in the second quarter of this year, up from 34% in both the first quarter of this year and the fourth quarter of 2020. As Sword explained in the post, “dangerous office files are standard amongst cybercriminals as they normally can evade many antivirus software from detection.”


In the third quarter of 2020, malicious office documents represented 38% of all downloaded malware, according to Atlas VPN, compared to 14% in the second quarter of 2020 and 20% in the first quarter of last year. Discussing the surge between the second and third quarters of last year, Sword said this increase “was primarily influenced by remote work as cybercriminals found malware-infected documents to be effective.”

WFH cybersecurity challenges

At the onset of COVID-19, companies switched to remote operations almost overnight. The transition en masse brought new cybersecurity challenges as remote workers log on for the workday via their home networks and a mix of personal and company devices.

“When the shift to remote and hybrid work occurred, the malware that was on office networks shifted to employees’ networks at home,” said Stephen Boyer, the chief technology officer at BitSight.

Compared to corporate networks, Boyer said home networks are exponentially more likely (3.5 times) to “have at least one family of malware,” citing company research, adding that home networks are 7.5 times more likely to have a minimum of “5 distinct families of malware.”

“It is simpler, and even trivial, for attackers to distribute malware when companies are working remotely, because employees don’t have the same level of cybersecurity protections on their networks or devices,” Boyer said. “The ability to detect and respond to [threats] on home networks is next to zero, so the level of sophistication and evasion needed for a successful malware attack is far lower than it was before the pandemic.”


In recent months, a number of companies started their office reentry plans after more than a year of remote work, but the rise of the delta variant and surging cases has delayed these timelines. In the interim, companies may need to take proactive steps to shore up their extended networks, especially as attackers tailor their preferred attack methods.

According to a July Barracuda Networks report, the average organization will face more than 700 social engineering cyberattacks annually. Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming (39%), BEC (10%) and extortion (2%).

“By inserting dangerous macros into Word or PDF documents, threat actors have profited from victims falling for their phishing attacks,” Sword said. “Cybersecurity education and training is the key to protect yourself and even your organization from such threats.”

Additionally, Sword emphasized the importance of maintaining devices “from a technological standpoint” and ensuring these items are equipped with software protection and up to date.
