Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

New Microsoft Office Threat: OneNote Documents filled with Malware

published on 2023-03-20 05:58:04 UTC by Jacob Alcock
Content:

Look out for potential threats when using Microsoft Office; cyber attackers have been using Microsoft OneNote documents to download malware onto computer systems.

What is the threat to Microsoft Office users?

Attackers use Microsoft OneNote documents (part of Microsoft Office) to launch malware attacks. OneNote is a digital notebook that is included in the Microsoft 365 subscription.

Attackers can attach files to OneNote documents, which can then be used to download malware from remote locations. All the attackers need to do is convince the victim to double-click on the file, which has proven to be a simpler task than expected.

This type of cyber attack hides malware behind the 'click to view document' buttons in emails. This is a clever way to trick victims into thinking that the file is sensitive and requires additional protection, causing them to fall for the attack.

Even if you don’t use OneNote, you could still be at risk of one of these attacks. Attackers assume that businesses will likely have OneNote installed because it’s normally bundled with the rest of the Office applications. These new types of attacks have very low detection rates from antivirus software, and so are proving to be a serious threat.

Microsoft is aware of the malicious uses of OneNote and has ,publicly stated that changes to OneNote are coming to increase protection against these attacks, which would likely be available before the end of April this year.

What are office macros? Why can they be used in cyber attacks?

A macro is a small set of instructions implemented to automate frequently used tasks for Microsoft office applications. They are written in a programming language called Visual Basic for Applications and are saved as part of the Office file they are associated with.

Macros can be used for many legitimate purposes, but in the wrong hands, they can also be used as a part of a cyber-attack. When they are used with malicious intentions, the attacker can exploit the target in several ways, from running ransomware to stealing data. The nature of macros embedded in Office files makes it difficult for traditional anti-virus software to notice them.

These attacks are not new and have been around since the 1990s. Microsoft has taken defensive actions to fix this vulnerability by disabling macros by default. This has made it more difficult for attackers, forcing them to persuade victims somehow to enable macros. These changes have led attackers to look for exploits in other Office applications.

Phishing email attacks

Infected Office files must be delivered to a victim, often as an email attachment. The files are normally named specifically to persuade you to download and open the file. Email filters are not picking up on these types of attacks because OneNote files are commonly used for genuine business purposes.

How can I prevent these attacks from affecting my business?

Due to the high amount of legitimate business usage of Microsoft OneNote, there are limited ways you can fully prevent these new attacks. One mitigation route is to block the OneNote file extension, ‘.one’ from your mail server. This will block/quarantine any email containing an attachment with this file extension; however, this could cause productivity issues as many legitimate emails would also be blocked.

  • Be wary of any attachments in emails from senders you don’t recognise
  • Don't click an email if it uses pressing language and the attachment looks suspicious
  • Make sure your Anti-Virus and Firewalls are updated
  • Think you’ve received a spam email? Report it: ,report@phishing.gov.uk

Until changes to protect users have been implemented by Microsoft, the best way to protect yourself from these types of attacks is through educating your staff with ,Security Awareness Training. We offer this service to businesses to help increase their staff's resilience to cyber-attacks. ,Contact us today.

Article: New Microsoft Office Threat: OneNote Documents filled with Malware - published over 1 year ago.

   
Published: 2023 03 20 05:58:04
Received: 2023 05 17 23:07:19
Feed: North West Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor