However, there has recently been a surge in macro-based malware targeting Microsoft Office. It was actually a booby-trapped Excel spreadsheet that enabled hackers to cripple the Ukrainian power plant, causing widespread power outages, in the first documented successful attack on a public service utility.
The rise in macro attacks has been attributed to a few things, chiefly the improved security of the old standby attack vectors such as Flash. Those holes are being patched better and more quickly, so hackers are returning to macros as the path of least resistance.
Since macros are turned off by default, hackers have had to get crafty in order to trick targets into turning them on. Often this is done by making the document text appear “blurry” and promising the user that enabling macros will improve the clarity or make the document legible. And it seems to work: many victims are fooled by this ploy into turning macros on, which hands the embedded malicious code free rein on their computer.
Two pieces of malware are making the rounds using these new tricks: Dridex and Locky. Locky is a particularly nasty strain of crypto ransomware that locks up files and demands a monetary “ransom” to release them, and Dridex is banking malware that first appeared in 2014.
So what can users and businesses do to avoid falling victim to this new malware? First of all, education is key: now that you have read this article you will probably be much less likely to turn on macros just because some document told you to. Educate all employees, in any way you can, to AVOID suspicious documents from unknown senders, and tell them that under no circumstances should they turn on macros.
This brings us to our most important point: the best defenses against malware, spyware and the like are knowledge, education and a good backup plan. Using online cloud backups is a no-brainer way of keeping all of your files stored in a secure, off-site location. It is insurance: if a hack does happen, you have clean copies to restore from in the emergency.