Microsoft Office Macros Are Still an Issue

I wrote about the Microsoft back and forth over disabling Microsoft Office macros last year and the risk that the use of them can pose to your organisation.

Microsoft Office Macros – The Good, The Bad and the Ugly

If you thought that disabling macros by default meant that the risk of a malicious macro being emailed into your organisation was going to go away, then you were mistaken. In today’s tech press it is being reported that recently there has been a number of email phishing campaigns that are using malicious OneNote attachments, rather than the more traditional Word or Excel files, a file attachment people may not be so familiar with and so may be tempted to open. (Abrams. 2023)

Why use Microsoft Office Macros at all then if they pose such risk?

Microsoft Office macros are useful. It is as simple as that. Diana, my partner at Smart Thinking Solutions, uses them all the time in her financial spreadsheets for analysis and just to speed up repetitive tasks.

I am sure there are a lot of accountants, data scientists and senior financial managers using the power of Excel and macros to carry out their daily work. All of them have had macros enabled for them by their helpful IT staff – because they really need them. Now you can see why threat actors are still interested in sending out files with malicious Microsoft Office macros in them – the potential victims can be very senior people in an organisation. One of the malware packages seen in the OneNote attachment attack is a credential stealer! (Abrams. 2023)

Microsoft Office Macros Are Still an Issue Cyber Awake

…and the point of this is to stop using Microsoft Office Macros

No. The point of this blog is to remind you that you (or someone for you) has to manage the risk that malicious Microsoft Office macros pose to your organisation if they get to a senior member of staff’s inbox.

Here are a couple things to think about when it comes to managing Microsoft Office macros:

  • Only enable them for those members of staff who really use them – not just think they need them.
  • Keep a list of the machines with macros enabled – if there is an issue you know where to look.
  • Think about running (recording) a separate cyber security awareness training session for the members of your team who use macros, so they are aware of the issues and risks.

If you or anyone in your organisation uses macros and you are not sure about any of the above – then it is time to get some help. The risk is real. Talk to us.


Clive Catton MSc (Cyber Security) – 
by-line and other articles

p.s.

I had promised “passwordlessness” as the subject of today’s blog – it will be the subject of Thursday’s blog… I promise!

References

Abrams, L. (2023). Hackers now use Microsoft OneNote attachments to spread malware. BleepingComputer. Retrieved January 23, 2023, from https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/

Further Reading

Now OneNote is an attack vector

Don’t be tempted to open that zip file A story of a phishing email

Sometimes a simple email may work for the bad guys