Hackers Find Way To Bypass Windows Security Feature


Arraya Insights | January 21, 2015

Typically the saying “everything old is new again” gives a person a reason to hang on to possibly embarrassing old clothes or CDs. Unfortunately, that saying also has implications in other areas, such as digital security. For example, pros who take their eyes off a threat they thought they’d bested may just have it come back to haunt them later.

Consider this recent example.

The Microsoft Malware Protection Center (MMPC) has identified a rise in the number of macro-based threats. Macros are scripts that automate tasks inside Office documents, and attackers use them to infect targets with malicious code. In the olden days – pre-2001 – cyber ne’er-do-wells would send spam email carrying a document whose macro was designed to install malware on a victim’s computer. If victims opened the file, the macro would run automatically, allowing the malware to potentially wreak havoc on their systems.

Microsoft thought they had this problem licked with the release of Office XP. Starting with that software, the default setting for macros became “Disable all macros with notification.” That meant users were required to give permission before their machine would execute any unsigned macros, the kind favored by hackers. That change led to a decline in the number of macro-based attacks as crooks looked for other, more effective avenues to do their dirty work.

But macro attacks, like bell bottoms and swing music before them, made a comeback. An increased number of attacks began in early December and peaked at the month’s midpoint. So what changed? Nothing from a software point of view. Microsoft still disables macros by default. Hackers just got cleverer about how they deliver those macros.

Hackers began using social engineering methods to bypass Microsoft’s fix. Their gambit goes like this: They’ll give a file a name which sounds like it’s an important document, think things like wire transfer notices, shipping receipts or invoices. Once opened, the file provides step-by-step instructions to their targets on how to enable macros to run on their machine, so they can access that “important” file. When targets enable macros to read the “invoice” they’re actually giving hidden malware the ability to infect their system. That combination of the instructions, a convincing spam email message and the legit-looking file name has been enough to bring back a fading attack method.

So your tech team has done its part and provided fully updated and protected machines. But the latest security bells and whistles aren’t always enough to keep hackers out of a system. That’s especially true in cases like this one where employees have a key to let them in.

The easy answer to prevent these issues is more training. Pull employees into a session and remind them about the usual email best practices. Also, pass along some tips from the MMPC, such as the fact that most invoices or receipts don’t need macros, so it’s good to be suspicious of any that claim they do.
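The MMPC tip above can also be enforced mechanically at a mail gateway: an attachment that is macro-enabled and whose name looks like an invoice, receipt or wire-transfer notice is exactly the combination the post describes. The following Python is an added example and is not code from Arraya or Microsoft. It checks whether an Office Open XML package (.docm/.xlsm/.pptm) carries a VBA project and pairs that with a lure-name check; the filenames, the sample package builder and the regular expression are constructed for illustration. Legacy binary .doc/.xls files are only flagged for review, because reading their macro storage needs an OLE parser such as oletools' olevba.

```python
import io
import re
import zipfile

# Lure names the post says attackers favour (constructed pattern, extend to taste).
LURE_NAME = re.compile(r"(invoice|receipt|wire[\s_-]*transfer|remittance)", re.I)

# Parts inside an OOXML package that hold VBA code for Word, Excel and PowerPoint.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy binary Office (compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML packages are ZIP archives


def has_macro_ooxml(data: bytes) -> bool:
    """True if the bytes are an OOXML package that contains a VBA project part.

    The file extension is ignored on purpose: a .docm renamed to .doc still opens
    in Word with its macros intact, so the decision is made on content.
    """
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            names = set(package.namelist())
    except zipfile.BadZipFile:
        return False
    return any(part in names for part in VBA_PARTS)


def is_legacy_office(data: bytes) -> bool:
    """True for OLE2 compound files (.doc/.xls/.ppt); macro presence needs an OLE parser."""
    return data.startswith(OLE2_MAGIC)


def assess_attachment(filename: str, data: bytes) -> tuple:
    """Return (verdict, reason) for one attachment: 'block', 'review' or 'allow'."""
    lure = bool(LURE_NAME.search(filename))
    if has_macro_ooxml(data):
        if lure:
            return ("block", "macro-enabled document with an invoice/receipt-style name")
        return ("review", "macro-enabled document")
    if is_legacy_office(data):
        return ("review", "legacy binary Office file; check for VBA with an OLE parser")
    return ("allow", "no VBA project found")


def build_sample_docm(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for testing; real .docm files carry many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real VBA project stream.
            package.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample attachments, not real captures.
    samples = [
        ("Invoice_4471.docm", build_sample_docm(with_macro=True)),
        ("meeting_notes.docm", build_sample_docm(with_macro=True)),
        ("Invoice_4471.docx", build_sample_docm(with_macro=False)),
        ("receipt.doc", OLE2_MAGIC + b"\x00" * 8),
    ]
    for name, blob in samples:
        verdict, reason = assess_attachment(name, blob)
        print(f"{name:22} -> {verdict:6} ({reason})")
```

The verdicts are deliberately coarse: "block" is reserved for the exact lure-plus-macro combination, while any other macro-enabled file goes to "review" so that legitimate macro users inside the business are not silently cut off.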

Of course, saying “We need more training” is one thing. Finding the time to pull that off, especially in light of all the other areas which require IT’s attention on a daily basis, is where things get more complex.

Arraya Solutions can handle those daily to-do list items, shifting some work off IT’s plate and freeing the team up to handle tasks which may have otherwise kept getting pushed off “until tomorrow,” e.g., user training. To learn more about Arraya’s forward-thinking solutions and the super-hero level of service its engineers pride themselves on, visit www.ArrayaSolutions.com or speak to an Arraya account executive today.

Don’t forget to follow Arraya on Twitter: @ArrayaSolutions