Return of the Macro

October 20, 2017


Just like fashion, malware goes through trends and comebacks, so let's take a look at what's 'in' this season. Anyone involved in IT in the 1990s will remember a few things: plaid shirts, floppy disks and macro viruses. Although I can't envisage the former two making a comeback any time soon, macros are definitely back on the InfoSec agenda, something Microsoft has been highlighting recently.

Adnel and Tarbir macro attack encounters, 2014 (Microsoft TechNet Blog)

Macros have been a longstanding part of the Office suite and can be used to increase productivity by automating processes. However, these powerful capabilities can be exploited by malware authors, who can quickly create and embed malicious scripts in Office documents. In 1999 the Melissa worm spread rapidly across the globe. The source was a malicious Word document that not only infected all the local files but emailed itself to the first 50 email contacts in Outlook.

To deal with these issues, security was tightened around macros to prevent them from running automatically. Newer versions of Office virtually eliminated the issue and the attackers moved on to other, softer targets.

So how are they now making a comeback?

The simple answer is user trust. As endpoint defenses have hardened, attackers are increasingly seeing the user as the target, as users are often easier to exploit than the software. For example, it is far easier for an attacker to trick a user into executing code than to find a software vulnerability to exploit. Unfortunately, the increased security around macros seems to be playing into the attackers' plans.

More and more, users are being exposed to security 'warnings', and are comfortable with technologies like encryption. Malware authors exploit this trust by warning the user that "Macros must be enabled to view this encrypted document". The user often thinks they are actually improving their security by allowing macros to run; in reality they are doing the exact opposite and allowing malware to execute. These files typically have convincing names such as "ORDER DETAILS 9650.doc" and "Payment Advice 593016.doc" and are usually attached to convincing-looking emails.

So how do we stop this '90s comeback before it drags us back to the days of warehouse raves and zip disks?

As macros are quick to write with minimal skills, reactive technologies such as antivirus cannot keep up with the perpetual wave of malicious documents. The quickest solution is to disable macros entirely, but this naturally leads to a loss in productivity. The better solution is to be more proactive and balance security with freedom.
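A proactive check does not need a signature for each new document: it can ask whether an attachment carries a VBA project at all. The sketch below is an added example, not code from the original post or from Avecto; it inspects content rather than the file name, the OLE check is a heuristic byte scan rather than a full parser, and the sample files and the `triage` labels are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# Stream name present in every VBA project, as stored (UTF-16LE) in an OLE directory
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")  # formats that should never hold VBA

def has_vba(data: bytes) -> bool:
    """True if the bytes look like an Office file carrying a VBA project."""
    if data.startswith(OLE_MAGIC):
        return OLE_VBA_MARKER in data  # heuristic byte scan, not a full OLE parse
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(filename: str, data: bytes) -> str:
    """Return 'clean', 'macro' or 'macro-mismatch' for one attachment."""
    if not has_vba(data):
        return "clean"
    name = filename.lower()
    ooxml = data.startswith(b"PK")
    # Flag files whose extension does not match the macro-bearing content inside.
    if name.endswith(MACRO_FREE_EXTS) or (ooxml and name.endswith((".doc", ".xls"))):
        return "macro-mismatch"
    return "macro"

def _ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word OOXML package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

# Constructed samples; the first two file names are the ones quoted in the post.
SAMPLES = {
    "ORDER DETAILS 9650.doc": OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER,
    "Payment Advice 593016.doc": _ooxml(with_macro=True),
    "minutes.docx": _ooxml(with_macro=False),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {triage(name, blob)}")
```

A gateway could quarantine or strip anything that is not `clean` when it arrives from outside the organisation, which keeps macros available for internally produced documents.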

With Avecto's Defendpoint solution, we deal with this issue by layering defences.

  • Sandboxing (isolating untrusted documents from the internet) allows users to read, edit and save them in a secure yet transparent container. Even if macros are allowed to run, their effects remain isolated and cannot infect the user’s documents.
  • Strict application control rules prevent rogue processes or payloads from ever executing, by ensuring that only known and trusted applications can run.

Get proactive in 2015

As attackers increasingly seek new ways to target users with highly convincing social engineering attacks, the CIO strategy needs to shift to more proactive, positive security measures. Removing excessive privileges, controlling the applications that can run and isolating untrusted internet content are big wins in securing the endpoint. A Defense in Depth approach underpinned by Privilege Management, Application Control and Sandboxing can help you secure the enterprise and keep your employees free to be creative, productive and profitable in 2015.

Find out more about how to strike this balance by watching Andrew Avanessian, EVP of Consultancy and Technology Services at Avecto, talking to Alastair Greener from Business Reporter at the Daily Telegraph studios. Watch the video here.


James Maude, Lead Cyber Security Researcher

James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.
