Here's how to protect yourself from scripting attacks in Microsoft Office

There is no doubt that the programs that are part of the suite Microsoft Office are quite popular. These are used especially in corporate environments. Therefore, one of the most frequent activities is email exchange. In many of these messages we can find attachments, but if essential protection and prevention measures are not applied, we could be victims. script attacks .

What are these script attacks? First of all, we need to understand in substance what a script and what he does . Basically, it is a set of instructions that perform certain tasks, strictly based on what we program in these scripts. It is one of the most important allies of certain types of documents in Office like Excel. In various working environments, the use of scripts is applied so that the macros well-known can be developed .

Macros are widely used in organizations because they allow to streamline and automate all kinds of tasks, especially those that are very repetitive or that require formulas with very extensive parameters. The first thing that is perceived in terms of the benefits is: saving time and much less human factor errors. However, all of this can be moved to the realm of cybercrime.

In RedesZone, we have already said that Gmail improves the detection of a large part of malicious files from Office. Thus, it is clear that the most popular technological solutions are the most important and, above all, attractive targets for cybercriminals.

What is harpooning?

Unfortunately, scripting activity is very popular with various hacking attacks. Especially if we refer to the spearphishing . It's the Phishing typical that claims victims through e-mail. Cyber ​​criminals, after collecting information about the target, are tasked with generating these malicious emails to steal data or insert all kinds of malware into devices.

La spearphishing attachment is a variant of spearphishing that focuses on email attachments. However, not only attachments which are Excel or Word files or any other Office files are sent. But also executable files (.exe, for example), PDFs, compressed folders and much more. Once the victim notices that there is an attachment, they proceed to open it.

In many cases, nothing more is needed than the simple action of the user to attack. What happens after opening the suspicious file is that one or more vulnerabilities are exploited for subsequent attacks. In other cases, the attack takes place directly in the form of a malware insert or ransomware .

Why would people click on files of suspicious origin? The main reason is the curiosity . And of this detail, the attackers are fully aware. This is why there are spearphishing attack scenarios that contain certain text that fuels the curiosity and desire to open a file. This eye-catching text may come with instructions for decrypting an attachment or unzipping a password protected zip folder, to name a few.

The importance of educating and raising awareness

Worse situations can happen. We may come across files that appear to be benevolent because of their name, extension, and even icons. Keep in mind that everything can be handled, even something that seems like a minor detail like an icon , can make the difference between protecting us or being the victim of a certain attack. This is how important it is for end users, in particular, to know what type of email attachments are plausible to open.

Our daily life can be very busy and quite heavy. This can lead to inattention or simply a lack of importance of the most essential safety and protection measures. It's not complicated, if you weren't expecting to receive an "x" attachment, think twice and don't open it. In any case, check with the sender. Whether it's your friend, relative or colleague. There is nothing more certain than the feeling of doubt in these situations.

Even any protective or preventive measure can be of no use if the user is not educated. Most computer attacks happen in large part because the user took an action that served as a “trigger” for such attacks to occur.

On the other hand, people who work in an organization and are responsible for Office services, must take into account several preventive and protective measures . The most important thing is to identify the requirements of all the sections, to determine the needs of each and, therefore, to give the authorizations really necessary for each case. Remember that the Microsoft Office suite for business and its implementation can be maintained according to different profiles that we can create and permissions to be assigned.

If there are people who don't really need to access the traditional Outlook client, it is possible to restrict them to using webmail only with essential functions. Another case may consist of enabling / disabling the use of macros, in particular in calculation models (Excel) . For that, you have to go to " File / Options / Trust Center / Trust Center Settings "

Once inside, we go to the "Macro configuration" section to configure the macro policy.

In the case of other Office software such as Word, the process would be exactly the same. We can also always deactivate ActiveX.

As you have seen, it is very important that if we open office documents that we have received by email, we should never run any macros if there are any, and it is advisable to use services such than Virus Total to ensure that it does not embed any type of malicious code before executing them.