Cyber criminals continue to utilise weaponised macros in Microsoft Office documents to deliver malware. In a recent report from Cofense, it was noted that the exploitation of Microsoft Office macros comprised 45% of all deliveries. A separate report showed that a further 37% exploited the Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882).
Macros can be easily developed and distributed. Despite Microsoft having disabled macros by default, it only takes minimal user interaction to start the infection chain. Subsequently, the victim could be infected by a range of malware, with Geodo, GandCrab and Trickbot among the variants observed.
As Cofense noted, the range of observed payloads indicates that this delivery mechanism is used widely across the cyber crime landscape by both “mature and amateur operators alike.”
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.