While cybercriminals are constantly looking for new ways to compromise IT systems, sometimes the old ways work just fine. Two cybersecurity vendors recently noted malware getting spread through a tried-and-true method: Microsoft Word documents.
It's likely the infected Word documents were distributed through email phishing or spear-phishing campaigns, Anomali said.
Meanwhile, cybersecurity vendor Netskope Threat Lab observed that 43% of all recent malware downloads were malicious office documents, including Microsoft Office, Google Docs, and PDFs. The Netskope Threat Lab Cloud and Threat Report from July found the percentage, from the second quarter of this year, was up from 34% in the first quarter and from 14% in the second quarter of 2020.
"Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people," Atlas VPN's blog commented. "After creating a malicious macro on office documents, threat actors send the infected file to thousands of people via email and wait for possible victims."
Other cybersecurity experts echoed Atlas VPN's perspective. Attacks delivered through office documents still work because a significant percentage of email users will still open suspicious attachments, especially if a targeted social engineering pitch is included, some said.
In addition to targeted emails, social media applications can target victims and distribute malware, said former CIA senior intelligence officer Peter Warmka.
"This is an old trick with new packaging," he told the Washington Examiner. "Today's professional human hackers have gravitated from using spam email to unique spear-phishing attacks delivered through social media."
In addition, many documents are now hosted in the cloud, with links in email and other delivery methods instead of attachments, noted Ron Gula, president of Gula Tech Adventures, a cybersecurity investment firm.
"All office document types have become more complex, and we now send them around with URLs for where they are hosted instead of the actual documents," he told the Washington Examiner. "This complexity makes it much harder to test them with antivirus or sandbox tools."
When a criminal group targets an organization, it needs only one employee to be tricked into clicking on a link or downloading an attachment, he added. "The attack only has to work for one person in an organization, and the attack vector can be business email, personal email, Slack, Signal, Apple messaging, Facebook messaging, and many others," he said. "If a target gets an email they are expecting, they are more likely to click on it."
While malware-infected documents aren't new, many computer users ignore cybersecurity issues, added Alex Bodryk, CEO of Cyberlands, a penetration testing service. "People still tend to ignore anything that is not relevant to their core business activities, especially if they don't get punished for violations," he told the Washington Examiner.
In addition, most business users are flooded with emails. "By my subjective opinion, the average office worker receives at least 50 emails per day," he added. As a result, office workers don't have time to inspect each email "carefully" for potential problems.
Employee training remains a meaningful way to battle against these types of attacks, cybersecurity professionals said. Organizations should also keep their systems and office software patched and invest in network and endpoint monitoring and attack prevention technologies, Gula recommended.
Original Author: Grant Gross
Original Location: Malware-loaded documents making a comeback