Malicious office documents: The latest trend in cybercriminal exploitation

3 years ago 289

Cyberattacks person surged during the coronavirus pandemic arsenic criminals rake successful bountiful ransomware payouts. Malicious bureau docs person been connected the emergence for months, per a caller report.

work.jpg

Image: GettyIMages/South_agency

Cyberattacks person accrued implicit the past twelvemonth arsenic criminals rake successful record ransomware payouts. According to a caller AtlasVPN report, malicious bureau documents are the latest inclination successful cybercriminal behavior; a timely strategy arsenic companies intermission bureau reentry plans and proceed to enactment remotely owed to COVID-19. So, however does this cyber-ruse work?

"Even though infecting bureau documents with malware has been established for a agelong time, it is inactive precise palmy astatine tricking people," said William Sword, Atlas VPN cybersecurity researcher, successful a blog station astir the findings. "After creating a malicious macro connected bureau documents, menace actors nonstop the infected record to thousands of radical via email and hold for imaginable victims. Macro is simply a bid of commands bundled unneurotic to execute a task automatically."

Remote enactment and malicious bureau documents

Overall, the Atlas VPN findings were determined utilizing Netskope Threat Labs' July Cloud and Threat study and "various bureau documents from each platforms" including Microsoft Office 365, Google Docs, PDFs and others. According to AtlasVPN, malicious bureau documents represented astir fractional of each malware downloads (43%) successful the 2nd 4th of this year, up from 34% successful some the archetypal 4th of this twelvemonth and the 4th fourth of 2020. As Sword explained successful the post, "harmful bureau files are fashionable among cybercriminals arsenic they usually tin evade galore antivirus bundle from detection."

SEE: Security incidental effect policy (TechRepublic Premium)

In the 3rd 4th of 2020, malicious bureau documents represented 38% of each downloaded malware, according to Atlas VPN, compared to 14% successful the 2nd 4th of 2020 and 20% successful the archetypal 4th of past year. Discussing the surge betwixt the 2nd and 3rd quarters of past year, Sword said this summation "was chiefly influenced by distant enactment arsenic cybercriminals recovered malware-infected documents to beryllium effective."

WFH cybersecurity challenges

At the onset of COVID-19, companies switched to distant operations virtually overnight. The modulation en masse presented caller cybersecurity challenges arsenic distant employees log connected for the workday via their location networks and a premix of idiosyncratic and institution devices.

"When the displacement to distant and hybrid enactment happened, the malware that was connected bureau networks shifted to employees' networks astatine home," said Stephen Boyer, the main exertion serviceman astatine BitSight.

Compared to firm networks, Boyer said location networks are exponentially much apt (3.5 times) to "have astatine slightest 1 household of malware," citing institution research, adding that location networks are 7.5 times much apt to person a minimum of "five chiseled families of malware."

"It's easier, and adjacent trivial, for attackers to administer malware erstwhile businesses are operating remotely, due to the fact that employees don't person the aforesaid level of cybersecurity protections connected their networks oregon devices," Boyer said. "The quality to observe and respond to [threats] connected location networks is adjacent to zero, truthful the level of sophistication and evasion needed for a palmy malware onslaught is overmuch little than it was earlier the pandemic."

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

In caller months, a fig of companies started their bureau reentry plans aft much than a twelvemonth of distant work, but the emergence of the delta variant and surging cases has delayed these timelines. In the interim, companies whitethorn request to instrumentality proactive moves to enactment up their extended networks; particularly arsenic attackers tailor their preferred onslaught methods.

According to a July Barracuda Networks report, the mean enactment volition look much than 700 societal engineering cyberattacks annually. Among societal engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming (39%), BEC (10%) and extortion (2%).

"By inserting harmful macros into Word oregon PDF documents, menace actors person profited from victims falling for their phishing attacks," Sword said. "Cybersecurity acquisition and grooming is the cardinal to support yourself oregon adjacent your enactment from specified threats."

Additionally, Sword emphasized the value of maintaining devices "from a technological standpoint" and ensuring these items are equipped with bundle extortion and up to date.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article