Malicious Macros: Arming CISOs for Continuous Security

December 17, 2020

Invoicing. Business documents. A meeting invitation. These days, the average employee receives countless incoming files, including email attachments, web downloads, and more, and CISOs stress around the clock about what employees might click. Now cybercriminals have tapped into yet another weakness, where a single unsuspecting click can be devastating to an organization: malicious macros.

While malicious macros are not exactly anything new, cybercriminals have upped their social engineering game to a whole new level. Now, organizations everywhere must know the best way to protect themselves. Keep reading to learn more about what malicious macros are, how they can infiltrate a network, and how Votiro’s technology can keep your business safe.

What Are Malicious Macros?

Macros become malicious when the Visual Basic for Applications (VBA) code inside Microsoft Office macros is used to spread malware, viruses, and more. Malicious macros first became common back in the ‘90s, before organizations had proper cybersecurity training in place. Once businesses learned how to train employees to identify malicious macros, many thought these threats had become a thing of the past.

However, cybercriminals have become much more sophisticated in recent years. Now, hackers have brought back the malicious macro using complex social engineering tactics that are more difficult for the everyday employee to spot. As a result, outdated, detection-based solutions simply won’t cut it, and CISOs must better arm their organizations against malicious macros. 

How Do Malicious Macros Infiltrate? 

Today, the most common infection path is a document sent with embedded malicious macros. Once the macro is executed, the attacker can access the file system with all the privileges the user has, download files, cause major damage to files and programs, change proxy settings, and carry out many more malicious acts.

In 2017, Microsoft presented Windows 10 S, a new version of the operating system that it claimed was another step toward enhanced security. Within three hours, hackers had developed a macro that could infiltrate the new system. This sent system administrators and C-level leadership reeling, and many sought out stronger security measures.

Legitimate macros are widely used in organizations today for their intended purpose: they are an important feature that automates tasks and eases everyday business. However, CISOs must weigh the pros and cons of maintaining older macros. For example, ReversingLabs analyzed 160,000 Excel 4.0 documents between November 2020 and March 2021 and found that more than 90% of these macros were classified as malicious or at least suspicious. So, while everyone may want the convenience of macros without the security risk, security leaders need more proactive solutions to address the threats they pose.

How Votiro Can Arm CISOs Against Malicious Macros 

Traditional countermeasures, including anti-spam (AS), anti-virus (AV), and sandbox technologies, address faulty macros, and we’ve seen these positioned as major security solutions. However, AS, AV, and sandbox solutions are outdated, and each carries a significant chance of being bypassed.

With other solutions, like general Content Disarm and Reconstruction (CDR), you end up with a flattened document without any macros at all, where legitimate macros have been removed as well.

To truly deal with the threat of macros, Votiro’s Positive Selection technology differentiates between a legitimate macro and a malicious one. Our file sanitization technology tackles this macro epidemic by looking deeper: we don’t just eliminate all macros at once, we analyze the code for suspicious artifacts. If such anomalies are found, the individual document is deemed suspicious and tagged for further action based on our client policies.
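As an added illustration (not Votiro’s implementation and not code from this article), the following Python example shows the general idea of keeping clean macros while tagging suspicious ones, instead of flattening every document. It assumes the VBA source has already been extracted as text (for instance with a tool such as olevba); the indicator groups, verdict names, and policy actions are hypothetical.

```python
import re

# Assumed indicator groups mirroring behaviours the article lists; not a vendor ruleset.
INDICATORS = {
    "auto_exec": r"\b(?:auto_?open|document_open|workbook_open)\b",
    "file_system": r"scripting\.filesystemobject|\bkill\b|\bfor\s+(?:output|binary)\b",
    "download": r"urldownloadtofile|xmlhttp|winhttprequest",
    "process_launch": r"\bshell\b|wscript\.shell",
    "proxy_change": r"proxyserver|proxyenable",
}
POLICY = {"clean": "deliver_with_macro", "needs_review": "hold_for_analyst",
          "suspicious": "strip_macro_and_alert"}  # hypothetical client policy

def strip_comments(vba):
    """Drop ' comments so keywords in remarks do not count; keep string literals."""
    kept_lines = []
    for line in vba.splitlines():
        in_string, kept = False, []
        for ch in line:
            if ch == '"':
                in_string = not in_string
            elif ch == "'" and not in_string:
                break  # rest of the line is a comment
            kept.append(ch)
        kept_lines.append("".join(kept))
    return "\n".join(kept_lines)

def find_indicators(vba):
    code = strip_comments(vba)
    return {name for name, rx in INDICATORS.items() if re.search(rx, code, re.I)}

def triage(vba, policy=POLICY):
    hits = find_indicators(vba)
    if "auto_exec" in hits and len(hits) > 1:
        verdict = "suspicious"  # runs unprompted and touches the system
    else:
        verdict = "needs_review" if hits else "clean"
    return verdict, policy[verdict], sorted(hits)

# Constructed samples (not taken from real documents).
BENIGN = """Sub FormatReport()
    ' Kill old formatting (comment only, must not trigger)
    Range("A1:D1").Font.Bold = True
End Sub"""
SUSPECT = r"""Private Sub Document_Open()
    Set sh = CreateObject("WScript.Shell")
    sh.RegWrite "<constructed-key>\ProxyEnable", 1
End Sub"""

print(triage(BENIGN), triage(SUSPECT))
```

Keyword triage of this kind does not see through obfuscated code, so treat a "clean" verdict as the absence of these specific indicators rather than proof of safety.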

Safe document oversight allows for control and less hassle for CISOs who continually cope with the ongoing nuisance that is macros. Here at Votiro, we work around the clock to counteract current and future threats, with the best minds solving ongoing problems. Stay ahead of the threat with Votiro’s Positive Selection technology.
