Microsoft Office “Macro Hacks” On The Rise

In the late 1990’s when the internet as still a young thing, hacking into computers using vulnerable Microsoft Office macros was quite popular.  Macros are simply a set of instructions designed to operate in order without any need for user input.  They would secretly install malware on the unsuspecting users computers, opening them up to a host of vulnerabilities.  Eventually Microsoft turned off the automatic macro feature and so attacks that exploited that feature began to wane.  Attackers took to other routes such as vulnerabilities in Adobe Flash or Internet Explorer.

However recently it seems that there has been a surge in the macro exploiting malware targeting Microsoft Office.  It was actually a booby trapped Excel spreadsheet that enabled hackers to cripple the Ukrainian power plant causing widespread power outages in the first documented successful attack on a public service utility.

The rise in macro attacks has been attributed to a few things – namely the improved security of the old standby attack methods through things like Flash.  These holes are being patched better and more quickly, and so hackers are returning to macros as a path of least resistance.

Since macros are turned off by default, hackers have had to get crafty with the targets in order to trick them into turning macros on.  Oftentimes this will be accomplished by making the document text appear “blurry” and promising the user that turning on macros will help to improve clarity or make the document legible.  And it seems to work – many victims are being fooled by this ploy into turning on macros, which then creates a huge vulnerability within their computer.

Two exploits are making the rounds using these new tricks; Dridex and Locky.  Locky is a particularly nasty strain of crypto ransomware that locks up files in exchange for a monetary “ransom”, and Dridex is a banking malware that appeared in 2014.

So what can users and businesses do in order to prevent falling victim to these new malwares?  First of all education is key – now that you’ve read this article you’ll probably be much less likely to turn on macros just because some document told you to.  You should educate all employees in any way that you can to AVOID any suspicious documents from unknown senders, and tell them that under no circumstances should they turn on macros.

This brings us to our most important point: the best defenses against malware and spyware and the like are knowledge and education and a good backup plan.  Using online cloud backups is a no-brainer way of keeping all of your files stored in  a secure, off-site location.  This is insurance against any hacking that may happen in the event of an emergency.