IT Security Guru

Cybercrime Economics of Malicious Macros

by The Gurus
June 10, 2015
in Editor's News

Attack techniques come and go as technology and user behaviours change and defences adapt to new threats – and sometimes take their eye off old ones – and the return of malicious macros offers an opportunity to examine and understand the drivers behind these adaptations, an exercise that is equal parts business case and technical analysis. By combining technical analysis of malware samples with investigation on cybercriminal forums, this report exposes the economic and technical drivers behind the recent rise of malicious macros and enables cybersecurity practitioners to better defend their organisations against this and future advanced threats.
Proofpoint research into threats and underground forums finds that, from a cost perspective, malicious macros deliver the most ‘bang for the buck’ because they combine lower up-front and maintenance costs with higher effectiveness to create a ‘killer app’ for cybercriminals. Technical analysis and threat intelligence allow us to identify the cause behind the explosive return of malicious macros as an exploit technique featuring daily in massive campaigns:
  • Highly successful at evading not only traditional signature- and reputation-based defences, but also newer behavioural sandboxes
  • Able to be updated frequently, easily and at low cost
  • Cross-platform and “unpatchable,” because it is not limited by vulnerabilities on a specific operating system or application version
  • Reliance on end-user interaction leverages social engineering to bypass automated defences
  • Low up-front and maintenance costs increase return on investment (ROI)
With these advantages combined in a single technique, it is no surprise that malicious macro attachment campaigns have grown so rapidly in both size and frequency, and we can expect them to subside only when this equation changes and either their cost increases or their effectiveness decreases to the point that they can no longer deliver the same ROI.
For malware to be cost-effective, it must first and foremost be effective. The ability of malicious macros to consistently evade defenses and entice end-users to click is a critical aspect of their success and attractiveness to threat actors. The main contributors to the effectiveness of malicious macro exploits are:

    • Ability to evade both signature-based and behavioural defenses
    • Ease of tricking end-users into enabling the malicious content in the document
    • Cheap and easy to create new versions to stay ahead of detection techniques
    • They do not exploit vulnerabilities that can be patched; instead, the propensity of end-users to click is the vulnerability

Proofpoint observes dozens of new or modified malicious macros daily. While there are many custom or one-off macros, we have observed at least four to five established sellers who regularly market their services to multiple actors.

Malicious macros are cost-effective: the budget for a malicious document (or “maldoc”) campaign can range from zero to US$1,000. In addition to the services of a few established sellers such as Xbagging and MacroExp, there are many open-source examples, for cost-constrained or do-it-yourself actors, of how to weaponize a Microsoft Word document with a malicious macro.

Malicious macros are effective: unlike attachments that exploit known or zero-day vulnerabilities, malicious macro attachments may lead to higher success rates because they do not rely on the presence of an unpatched vulnerability in Microsoft Windows, Office or other common applications. While the campaigns themselves have expanded their repertoire beyond Word documents to include other Microsoft Office document types – primarily Excel – and templates such as HTML and XML, malicious messages with attachments remain a prominent feature of the threat landscape.
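The evasion point above (macros slip past signature- and reputation-based defences) and the spread of maldocs across Word and Excel formats suggest a complementary, structural check on the mail gateway: an Office OOXML package can only run VBA if it ships a vbaProject.bin part, which its [Content_Types].xml manifest declares with a fixed content type. The following Python is an added example, not code from the Proofpoint report or this site; it uses only the standard library, and the sample packages it builds are constructed stand-ins, not real Word files.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# [Content_Types].xml declares every part's type; a VBA project part carries
# this content type, so the check needs no signature and ignores obfuscation.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return a triage record saying whether an OOXML attachment embeds a VBA project."""
    rec = {"file": filename, "is_ooxml": False, "vba_parts": [], "verdict": "not-ooxml"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return rec
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return rec  # a ZIP, but not an OOXML package
        rec["is_ooxml"] = True
        root = ET.fromstring(zf.read("[Content_Types].xml"))
        # Parts declared with the VBA content type ...
        parts = {o.get("PartName", "").lstrip("/").lower() for o in root.iter(CT_NS + "Override")
                 if o.get("ContentType") == VBA_CONTENT_TYPE}
        # ... plus any part merely named vbaProject.bin, so a doctored manifest cannot hide it.
        parts |= {n.lower() for n in names if n.lower().endswith("vbaproject.bin")}
    rec["vba_parts"] = sorted(parts)
    if not parts:
        rec["verdict"] = "no-vba"
    else:  # a VBA part behind a non-macro extension such as .docx deserves a closer look
        ext = "." + filename.lower().rpartition(".")[2]
        rec["verdict"] = "vba-present" if ext in MACRO_ENABLED_EXTS else "vba-present-extension-mismatch"
    return rec


def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package for offline runs; not a real Word file."""
    overrides = ('<Override PartName="/word/document.xml" ContentType="application/'
                 'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_vba:
        overrides += '<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE
    ct = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">%s</Types>' % overrides
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<document/>")
        if with_vba:  # placeholder bytes standing in for a compiled VBA project
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()
```

Legacy binary .doc/.xls files are OLE2 containers rather than ZIPs, so this check returns "not-ooxml" for them; those need a compound-file parser such as the olefile/oletools projects.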
A large part of the success of malicious macros is rooted in their ability to exploit the Human Factor: as Proofpoint research has demonstrated elsewhere, every organization clicks. The best defense against this threat will minimize opportunities for end-user interaction before they can click, including:
  • Ensure that Microsoft Office in your organization is configured to disable macros by default, preferably “without notification.” The “with notification” option leaves the decision with the user and, as Proofpoint research has shown, someone always clicks.
  • Educate your users about the dangers of unsolicited email, and to be particularly wary of the phishing templates that Proofpoint research has found most effective: message notifications, corporate financial messages, and delivery notifications.
  • Deploy next-generation solutions capable of detecting and blocking these and other modern, advanced email-borne threats.

The economics of malicious macros also highlight the importance of looking beyond tactical responses and taking a strategic approach that incorporates threat intelligence. To understand the dynamics driving new threats, organizations must have access to comprehensive threat intelligence: seeing before the first link in the attack chain, so to speak, enables security teams and decision-makers to understand who is creating new threats, why, and how likely they are to be used by different actors. This is the only way to identify, adapt to and defend against new threats as they emerge.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic