Businesses need to allow employees to use productivity tools to maintain effective operations. Unfortunately, many of these efficiency-drivers are easily compromised by threat actors, as we saw with the Dridex trojan payload hiding in Excel spreadsheets delivered via phishing emails with senders posing as UPS, FedEx, and DHL. In fact, efficiency efforts can drive security gaps, as banning the use of these resources is not feasible and security awareness training programs are not 100% effective. As a result, security finds itself taking a back seat to employee productivity, putting corporate networks and assets at risk. This challenge has been especially heightened in recent months due to the organizational shift to remote working environments.
How Attackers Leverage Efficiency-Drivers for Malicious Activity
As we examine the tools, software, and processes that streamline tasks, it becomes apparent that many increase cyber risk – and threats that take advantage of macros are no exception. In 2016, Microsoft reported that 98% of Office-targeted threats used macros, which prompted the company to begin adding features to combat macro-based malware. Nevertheless, exploiting macros remains the most common attack method used by threat actors. Macros enhance the user experience by automating frequently used tasks. This automation offers a gold mine for threat actors, who hide malicious code inside macros that run automatically when the victim opens the file, thus executing the payload.
Threats in collaboration software
Recently, cybercriminals have also targeted their victims through collaboration software, such as Slack, Trello, Zoom, WebEx, and other tools. Similar to email, these platforms support productivity and collaboration by allowing users to share files with others. Threat actors are able to infiltrate the platform’s document sharing or messaging components to conduct phishing attacks and deliver malware payloads through malicious attachments. IT departments are finding it increasingly difficult to monitor and control these channels and platforms in the new work-from-home setups, and employees are straying away from cybersecurity best practices.
Threats targeting daily job tasks
Threat actors also understand an employee’s need to carry out their designated job functions by accessing files and documents – and they certainly take advantage of it. In fact, for every 450 malicious files, there will be one resume-related scam. Earlier this summer, researchers discovered that fraudulent resume-related documents were being used to spread Zloader malware via malicious .xls files. Through sophisticated social engineering tactics, hackers can carry out ransomware attacks, install banking Trojans, or discover backdoors into enterprise networks.
Votiro Cloud Technology Goes Beyond Traditional Security Solutions
While software companies, such as Microsoft, have implemented features to protect against macro-based malware, their email gateways and solutions typically fall short of protecting against evasive malware, especially zero-day threats targeting organizations. Votiro’s Positive Selection Technology guarantees complete protection against all weaponized files in any stage of the vulnerability life cycle.
Votiro understands the need for employees to access all files that enter their inbox and does not block or quarantine files. Rather, it seeks out only the safe elements of each file to keep all threats from entering a network without interrupting business activity. Employees can access the exact same file with all malicious elements and risk removed. Security teams will no longer have to rely on their employees using their best judgement regarding what may be a malicious attachment, and can ensure protection from phishing attacks knowing that every file that enters their organization is 100% safe.