Since the COVID-19 pandemic started, cybercrime has been on the rise. Work from home (WFH) arrangements and the general confusion many companies have struggled with as they try to figure out how to work productively while keeping people safe have created opportunities for cybercriminals to exploit. For example, some home office environments don’t have the same level of firewall protection offered by networks housed at company premises.
While the bad guys are using many of their old tricks, including phishing and ransomware, they’re using new tactics as well. According to TechRepublic, “Malicious office documents are the latest trend in cybercriminal behavior; a timely strategy as companies pause office reentry plans and continue to work remotely due to COVID-19.”
Malicious office documents are ordinary electronic files that carry malicious macros. A macro is a set of commands bundled together to automate a task. When someone opens the file, the destructive code is unleashed. With cybersecurity threats, knowledge is power, and here we present everything you need to know about this new danger and how to avoid it.
What Are Malicious Office Documents?
Harmful office files can include any kind of document you may receive in email, including those created using Microsoft Office, Google Docs, and PDF formats. The fact that these types of documents are frequently used in office environments is one feature that makes them so effective. Many people don’t think twice about opening them. Another attribute that supports their success is that these files can often evade detection by antivirus software.
When unsuspecting office workers open or access these documents, the malware they contain is activated as well. This malware then installs itself on the user’s computer. If the computer is on a network, the entire network can quickly become infected.
Some of this malware, such as that known as Emotet, is particularly harmful because it can evade antivirus software and allow other malware installations, such as information stealers, trojans, and ransomware. During the pandemic, Word documents infected with Emotet were often attached to messages related to COVID-19 vaccinations and related content.
Emotet was successful at spreading before it was disrupted in early 2021 by global law enforcement agencies. But that initial success prompted other cybercriminals to attempt similar strategies.
What Harm Can Malware Cause?
Once installed on a system, the malware can initiate a ransomware scheme in which computer files are locked by the attacker, with a demand for ransom (usually requested in the form of cryptocurrency) in exchange for unlocking them.
Ransomware attacks have become even more pernicious lately. Savvy companies that have been backing up their files may refuse to pay the ransom and simply retrieve their backed-up files. But cybercriminals can take the process one step further by threatening to reveal data contained in the files unless the ransom is paid.
Such actions can be highly disruptive if that data contains proprietary company processes or personal customer information. When information is distributed in this way, companies can spend untold time and money trying to retrieve or recreate their data. Additionally, they may suffer consequences from regulatory agencies as well as lose credibility with customers and employees.
Cybercriminals have a much easier time attacking employees working from home. TechRepublic quotes a technology expert explaining why: “The ability to detect and respond to [threats] on home networks is next to zero, so the level of sophistication and evasion needed for a successful malware attack is much lower than it was before the pandemic.” That’s scary news for the many companies that are still enacting WFH arrangements as the pandemic continues, or even making them permanent.
Who’s Performing and Receiving the Damage?
With this type of malware, as with other types, the perpetrators use cyberattacks to enrich themselves or the organizations they work for. For example, the Emotet malware was distributed by a hacker group known as Mealybug, which began its activities in 2014. Such criminals are typically highly intelligent, curious, and appreciative of new situations in which to exercise their mental capacity. They enjoy the process of making things work well, including their malware schemes.
Victims can be anyone who is unaware of how these attacks occur or who is not paying close enough attention to the content of their email messages. Thankfully, these conditions can be changed, which is why education and training are so important for companies that want to guard against such attacks.
Take Steps to Avoid This Threat
Most cybersecurity attacks require 2 components to be successful: effective code that can accomplish what its creators intend, and a victim who allows it onto their system. Because people are one half of this equation, teaching them how to avoid harmful actions can go a long way toward preventing a successful cyberattack. In other words, cybersecurity training is crucial for any company that wants to stay cyber-safe.
Cybersecurity training can keep companies safer in the following ways:
- Making sure employees are informed of the potential risks they face any time they use a device — just knowing about the risks helps them become more aware
- Training workers on what to look for, including the telltale signs of a phishing attempt — these red flags are often easy to spot
- Guiding team members on what to do when they see something suspicious — knowing what to do and who to call is critical
- Informing employees about the entire cybersecurity plan and how their efforts fit into it — acting as part of a team effort provides support and encouragement
- Keeping workers up to speed about new and emerging threats — because cybercriminals are always upping their game
Companies must also maintain equipment by ensuring they have the latest versions of operating systems and software and by shoring up preventive hardware devices. These efforts are especially important for WFH employees who may not have the skills to perform these updates on their own. Finally, make sure macros are disabled in your Microsoft Office applications.
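As a complement to disabling macros, a help desk or mail-filtering script can flag Office attachments that carry a macro project before anyone opens them. The following is an added example, not part of the original article: it assumes modern Office (OOXML) files, where a VBA macro project is stored in a part named `vbaProject.bin`, and the function names and sample files are constructed for illustration.

```python
import io
import zipfile

# Signature of the legacy binary container used by .doc/.xls/.ppt files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def triage_office_file(data: bytes) -> str:
    """Classify raw attachment bytes by macro risk.

    Returns 'macro-project', 'legacy-binary', 'no-macro-project' or 'not-office'.
    """
    if data.startswith(OLE2_MAGIC):
        # Legacy formats can hold macros, but this check cannot look inside them.
        return "legacy-binary"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP archive, but not an OOXML package
    # The macro project sits under word/, xl/ or ppt/ depending on the application.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro-project"
    return "no-macro-project"


def build_sample(parts: dict) -> bytes:
    """Build a constructed, in-memory OOXML-like package for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample attachments (placeholders, not real documents).
BASE = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<document/>"}
SAMPLES = {
    "report.docx": build_sample(BASE),
    "invoice.docm": build_sample({**BASE, "word/vbaProject.bin": b"placeholder"}),
    "old-form.doc": OLE2_MAGIC + b"\x00" * 16,
    "notes.txt": b"plain text, not an Office file",
}


def triage_all(samples: dict) -> dict:
    return {name: triage_office_file(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A `no-macro-project` verdict only means the file carries no VBA project; it is a triage signal to route `macro-project` and `legacy-binary` files for closer inspection, not a guarantee that a file is safe.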
While no cybersecurity program can be 100% foolproof, taking these steps can considerably increase safety.