Research Report - 2

Banking Frontiers

Office documents, like Excel spreadsheets, may contain pseudo-executable code in the form of a Microsoft Office “macro,” or they may carry an exploit against one or more known security vulnerabilities that affect Excel. A research study by Sophos titled SophosLabs 2019 Threat Report reveals that while Office documents have been at the center of attacks for several years, most of these attacks require the user to activate the macro scripting code embedded in the documents. Attackers spent a considerable amount of effort to craft and refine documents that prompt victims to take specific steps to disable protections designed to thwart malicious macro scripts, finds the study. It also points out that even though the Office suite throws several cautionary prompts in the user’s path, people can still be convinced to enable scripting or turn off ‘preview mode’ for Office documents that originated in an internet download or an email attachment.

Says the study: “Some organizations or environments have been forced to use Group Policy objects to completely disable the macro scripting components within the Office suite and to render the settings not modifiable by users in order to prevent accidental or prompted execution of malicious macro scripts. But even that is not enough to guarantee that Office documents are rendered inert.”

It cautions that criminals use special tools, called Builders, which know how to write the hostile exploit code or macro into the document file. In the past 12 months, Builder makers have made a shift away from older exploits, some of which had been in use for many years.

The report maintains that attackers have ramped up their use of novel exploits against weaknesses in Excel and other Office applications to deliver a broad range of malware types, such as ransomware or keyloggers. “A class of vulnerabilities in the Equation Editor, a component of Excel installed by default, can be invoked just by opening a spreadsheet, and subject you to an infection. There’s no macro scripting that needs to be enabled; the attack is already underway and finished often in less time than it took you to read this sentence,” the study emphasizes.

It also says Microsoft was aware of these vulnerabilities and published updates in mid-2017 to various Office suite products to prevent their exploitation, but not everyone gets every update, and even if they do, some organizations delay the deployment of updates in order to perform tests.
