A recent article published in The Register has brought to light that Microsoft Office macros are still a viable infection vector, one that cybercriminals recently leveraged to conduct a week-long, large-scale malware attack against Office 365 users.
The attack began on 22 June 2016, with messages being sent to 57% of the victim company’s employees using Office 365. Users received an Office document that invoked macro malware that encrypts user files and takes over a victim’s audio system to read out its ransom note.
Microsoft started blocking the malicious attachment on 23 June, but not before victims’ files were encrypted with AES-256 and the victims were confronted with a 1.24 Bitcoin demand for decryption.
“Ransomware continues to be a threat to individuals and companies. This type of targeted attack is well thought out by cybercriminals who choose it as a method and vector for successful attacks, and this time they found holes in the security of Office 365,” says Darryn O’Brien, country manager at Trend Micro Southern Africa.
“Companies need to be aware that they can no longer rely on built-in product security to protect them from staunch threats, especially in a market that is currently leveraging cloud to digitise all aspects of business. Adding additional security, like our Cloud App Security product, is going to become essential to businesses that have a responsibility to protect business, employee and customer data.”
Trend Micro’s Cloud App Security has blocked more than 2-million malicious files and URLs from Microsoft Office 365 by extending the included Office 365 security with advanced detection techniques to find ransomware, unknown malware, and links leading to malicious sites.
According to the security company, additional security is necessary for Office 365 because the security included in it filters known antivirus threats, but 90% of today’s malware will only infect one device and is unknown to traditional antivirus techniques.