
How A Microsoft Word Document Is Used To Deliver Malware

The Internet Security Report released recently by WatchGuard Technologies found that hackers are increasingly using Microsoft Office documents as carriers for malware.

Cybercriminals use phishing emails to trick employees into downloading and opening an attached, infected Microsoft Office document. This allows them to deliver malicious payloads into enterprise systems.

Three types of attacks that take advantage of Microsoft Office vulnerabilities made it into the report's top ten malware attack types for the first time in 2017, including "macro-less malware," or Dynamic Data Exchange (DDE), attacks.

The report also found an increase in zero-day malware attacks in the fourth quarter of 2017. "Malware attacks leveraging MS Word documents grew by 33% in Q4" www.scmagazineuk.com (Mar. 29, 2018).


Commentary

As noted in the article, a growing trend in cybercrime is infecting Microsoft Office documents with malware.

According to one expert, because cybercriminals are using new techniques to weaponize Microsoft Office documents, it has become more difficult for employees to tell if an attachment is malicious.

Organizations can use security software to mitigate the risk from infected email attachments. The director of security product management at Mimecast recommends that organizations consider deep-file inspection, sandbox analysis, conversion to safe formats, and email management policies that hold suspicious files for administrator review or warn users before opening.

Using software that identifies potentially malicious attachments and prevents users from opening them means that organizations are not relying exclusively on employees to prevent malware infection. This is important because the majority of breaches are caused by human error.
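As an illustration of the deep-file inspection and hold-for-review policy described above, the following added example (not from the report or from any vendor's product) opens an OOXML attachment (.docx/.docm), looks for VBA macro storage and DDE field instructions, and returns a deliver-or-hold decision. It assumes Word's usual `w:` element prefix and an arbitrary size cap, does not cover legacy binary .doc files, and all sample documents are constructed with placeholder content.

```python
import io
import re
import zipfile

MAX_PART_SIZE = 20 * 1024 * 1024  # assumed cap per decompressed part (zip-bomb guard)
INSTR_TEXT = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.DOTALL)
FLD_SIMPLE = re.compile(r'<w:fldSimple[^>]*\bw:instr="([^"]*)"')
DDE_FIELD = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)

def inspect_attachment(data: bytes) -> dict:
    """Inspect an OOXML attachment (.docx/.docm) and decide deliver or hold."""
    result = {"macros": False, "dde": False, "decision": "deliver"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["decision"] = "hold"  # unreadable container: leave it to an administrator
        return result
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):
                result["macros"] = True  # VBA macro storage is present
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            if info.file_size > MAX_PART_SIZE:
                result["decision"] = "hold"
                continue
            xml = archive.read(info).decode("utf-8", errors="replace")
            # Word can split one field instruction across runs; join before matching.
            instr = "".join(INSTR_TEXT.findall(xml)) + " " + " ".join(FLD_SIMPLE.findall(xml))
            if DDE_FIELD.search(instr):
                result["dde"] = True
    if result["macros"] or result["dde"]:
        result["decision"] = "hold"
    return result

def make_sample(body_xml: str, with_macro: bool = False) -> bytes:
    """Build a constructed, minimal OOXML-style archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", f"<w:document><w:body>{body_xml}</w:body></w:document>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder, not a real macro")
    return buf.getvalue()

CLEAN = make_sample("<w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p>")
# Constructed sample: a DDEAUTO field split over two runs, with placeholder arguments only.
DDE_DOC = make_sample("<w:p><w:r><w:instrText> DDE</w:instrText></w:r>"
                      "<w:r><w:instrText>AUTO placeholder_app placeholder_topic </w:instrText></w:r></w:p>")
MACRO_DOC = make_sample("<w:p/>", with_macro=True)
```

A "hold" result corresponds to the policy of keeping the file for administrator review; a "deliver" result only means these two checks found nothing, not that the file is safe.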

However, organizations must still provide cybersecurity training to all employees on an as-needed basis. Cyber threats are constantly emerging, so annual training most likely will not be sufficient. Teach employees how cybercriminals use attachments in phishing emails to infect networks and steal data. Train employees to use extreme caution before opening any email attachment and to open only known and expected attachments, even if they know the sender. If employees receive an unknown attachment from a known source, they should call the sender to confirm what the attachment is before opening it.

In many recent cyberattacks, the attached document says, “this document is protected, enable editing to view content.” When the user enables editing, he downloads the malware and infects the network. Train employees not to “enable editing” on attached documents.
