Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Macros big again with cybercriminals

Maria Korolov | June 29, 2015
Up to a year ago, most phishing emails were all about tricking users into clicking on malicious links that led to malware downloads. Starting last fall, however, the use of attachments increased eight-fold, and that increase has persisted to this day, according to a new report from Proofpoint.

Most recently, he said, those are very straightforward emails pretending to be from an electronic fax or email system, followed by invoices or financial transfer instructions.

When opened, the macros only activate when the user clicks on something in the document -- to see an enlarged version of a table, for example. That way, Epstein explained, they evade sandbox-based security.

Even if the user has macros disabled, they will regularly approve an override out of habit, he said.

"The weakest link, again, is us," he said.

The macro then installs a new piece of malware, usually the Dridex trojan, which quietly monitors the user's browsing history and steals banking credentials.

To battle this threat, Epstein recommends upgrading to the latest gateway security technology if the current system was installed more than a couple of years ago. And, in addition to initial protection, invest in targeted attack protection and threat response technologies, he added, for when malware does slip through.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.