Macro-less word document attacks on the rise

WatchGuard released its Internet Security Report for Q4 2017. Among the report’s most notable findings, threat intelligence showed that total malware attacks are up by 33 percent, and that cyber criminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads.

macro-less word document attacks

“After a full year of collecting and analyzing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” said Corey Nachreiner, CTO at WatchGuard Technologies. “Although these criminal tactics may vary over time, we can be certain that this broad trend will persist, so the risks have never been greater for small and midsize organizations with less IT and security resources. We encourage businesses of all sizes to proactively mitigate these threats with layered security services, advanced malware protection, and employee education and training in security best practices.”

Cyber criminals leveraged malicious Office documents to trick victims

Dynamic Data Exchange (DDE) attacks cracked WatchGuard’s top ten malware list in Q4, as hackers increasingly exploited issues within this Microsoft Office standard to execute code. Also called “macro-less malware,” these malicious documents often use PowerShell and obfuscated script to get past network defenses. Additionally, two of the top-ten network attacks in Q4 involved Microsoft Office exploits, further emphasizing the growing trend of malicious document attacks.

Overall malware attacks grew significantly, while zero day malware variants jumped 167 percent

WatchGuard Fireboxes blocked over 30 million total malware variants in Q4, which was a 33 percent increase over the previous quarter. Out of the total threats prevented in Q4, the subset of new or “zero day” malware instances rose steeply by 167 percent compared to Q3. These increases can likely be attributed to heightened criminal activity during the holiday season.

macro-less word document attacks

Nearly half of all malware eluded basic AV solutions

Zero day malware accounted for 46 percent of all malware in Q4. That level of growth suggests criminals are using more sophisticated evasion techniques capable of slipping attacks past traditional AV services, which further underscores the importance of behavior-based defenses.

Scripting attacks account for 48 percent of top malware

Script-based attacks caught by signatures for JavaScript and Visual Basic Script threats, such as downloaders and droppers, accounted for the majority of malware detected in Q4. Users should take note of the continued popularity of these attacks and watch out for malicious script in web pages and email attachments of any kind.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss