Current Threats Posed by Office Macros

Less than six hours after Donald Trump became the presumptive president-elect of the United States, a Russian hacker gang perhaps best known for breaking into computer networks at the Democratic National Committee launched a volley of targeted phishing campaigns against American political think-tanks and non-government organizations (NGOs).
Brian Krebs, KrebsOnSecurity

Washington D.C security firm Volexity has reported in a blog post that these organizations received emails containing files which, if opened in Microsoft Office, could deploy malware to give the attackers remote access.

In the example image above, the attackers leveraged an already compromised Harvard.edu email address they were controlling to disperse infected documents to organizations with ties to the Clinton Foundation. The zip file contained in the email was carrying a sophisticated Trojan which would attempt to infect the system of the person who opened it.

What You Should Do

Check to see if Macros are disabled on your machine. In Office 2007 and 2010:

  1. Open the settings menu within any Office application (Word, Excel, etc.)
  2. Click Trust Center
  3. Click Trust Center Settings
  4. Click Macro Settings
  5. Look for “Disable all macros with notification”. That will not allow macros to run automatically, but will notify you when one is present to allow you to consider running it or not.

If Office Macros are not part of your workflow, then you will be more secure if you disable that functionality. By disabling macros, you are protecting yourself from some of these self-executing scripts which can compromise your system.

Visit Microsoft’s Office Support documentation for the full instructions.

Tips

Phishing is becoming increasingly sophisticated in the ways hackers are leveraging social issues and security threats to get people to open the emails. You can read my recent article all about Phishing for more information on how to detect and deal with those attacks.

I also highly suggest running Windows Defender or another dedicated anti-virus program on your computers in addition to Malwarebytes.

It is really important to approach information security from a holistic perspective. You need software to protect your devices, and the knowledge to avoid social engineering traps (like phishing) set by attackers.