Securing your data and network is a mission-critical task, and it can be easy to forget that new threats are constantly springing up. If it’s been a while since the last time you heard about specific software exploits or vulnerabilities, it’s a good time to make sure you’re doing everything you can to stop new threats. Today, we’ll look at a couple of security issues that have recently popped up to help you stay ahead of the attackers.
Malicious PowerPoint Files Circulating via Email
If you’re a regular reader of this blog, you’ll know by now that we’re going to suggest that you never open an attachment that you don’t expect, even from a trusted source and even if you have a high degree of protection from spam.
In a recent post, we wrote about email encryption, which helps verify senders and receivers, but that won’t protect against a malicious file sent by someone impersonating a colleague or loved one. Since social engineering scams are often carried out through a chain of impersonations, you can’t always trust someone you know when they send you an unsolicited file of any type. This is especially true of Office-type documents, like .docx, .pdf, and .ppt files.
Recently, another file type has been responsible for spreading malware: .ppam. As you may have guessed, the “pp” at the beginning indicates that this is a PowerPoint file type, but the “am” at the end indicates that it is an add-on file. These add-ons extend the functionality of PowerPoint, since they are just a container for macros or Visual Basic for Applications (VBA) code. These are scripting languages that Microsoft has used for decades to make Word and Excel more powerful and extendable.
Office Macros as a Vulnerability
With this ability to execute more code, the Office Suite becomes more vulnerable as a target, because it’s another platform for attacks to be run on. Macros are complex commands that can (when used properly) do things like automate Office workflows. If you need to do the same repetitive task—maybe copy and paste a certain part of a spreadsheet into an email every week—then you could write a macro or small bit of VBA to do the job for you.
Macros can also hold malware, though, so your best bet is to disable macros in Office. Office has macros disabled by default, meaning that to be vulnerable to macro attacks your administrator would have to turn them on for some reason. If macro malware makes it to you, though, the first thing that you’ll often see when you open the malware is an option to Enable Macros; if you enable the macros, the malware in the file will run.
You may be asking, “What harm can an Office macro do, though?” Macros can be used to download more malware from an attacker’s server, which means the attack can be escalated to data exfiltration or ransomware. These attacks, however, can be avoided by never enabling macros. If you need the functionality of a macro, there are other avenues to explore, such as having a script or program written to do the job.
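Because a .ppam file is a container for VBA code, a mail filter can look inside an attachment for the macro part instead of trusting the file name. The following is an added example, not code from the original post; the function names, sample file names, and constructed sample packages are assumptions, and legacy binary formats such as .ppt are not covered.

```python
import io
import os
import zipfile

# Extensions Office uses for macro-enabled Open XML files.
MACRO_EXTENSIONS = {".ppam", ".pptm", ".ppsm", ".potm",
                    ".docm", ".dotm", ".xlsm", ".xltm", ".xlam"}


def inspect_attachment(filename, data):
    """Report macro indicators found in an attachment's name and contents."""
    ext = os.path.splitext(filename)[1].lower()
    result = {"macro_extension": ext in MACRO_EXTENSIONS,
              "vba_parts": [], "macro_content_type": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # not a ZIP-based Open XML package
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):
                result["vba_parts"].append(name)  # compiled VBA project
            elif name == "[Content_Types].xml":
                # Macro-enabled packages declare a "macroEnabled" content type.
                body = zf.read(name).lower()
                result["macro_content_type"] = b"macroenabled" in body
    return result


def should_quarantine(filename, data):
    """True if the name or the contents indicate embedded macros."""
    r = inspect_attachment(filename, data)
    return r["macro_extension"] or bool(r["vba_parts"]) or r["macro_content_type"]


def build_sample(with_macro):
    """Constructed sample package with placeholder bytes (not a real add-in)."""
    ctype = ("application/vnd.ms-powerpoint.addin.macroEnabled.main+xml"
             if with_macro else "application/vnd.openxmlformats-officedocument"
                                ".presentationml.presentation.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override ContentType="{ctype}"/></Types>')
        if with_macro:
            zf.writestr("ppt/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in [("agenda.ppam", True), ("renamed.pptx", True),
                        ("clean.pptx", False)]:
        print(name, should_quarantine(name, build_sample(macro)))
```

The second sample shows why the contents matter: a macro-enabled package renamed to .pptx is still flagged by its VBA part and content type.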
A Typical Reminder to Patch your (Mobile) OS
Also on the security front: Apple has been releasing security updates for iOS and macOS over the past few weeks. Included in the iOS update is a patch for a zero-day exploit that allows the attacker to run arbitrary code with kernel privileges—in other words, totally compromise your phone or tablet. Additionally, Apple acknowledged and fixed a bug that impeded recent iOS and macOS versions from updating.
You should have updates automatically delivered and installed to maximize your device’s protection. If you don’t, now is a great time to check for updates. Keeping the operating system software updated on your phone is the only way to shut out certain threats to your mobile devices.
To make sure you’re getting automatic updates on iOS, go to Settings > General > Software Update > Automatic Updates, and turn on Download iOS Updates and Install iOS Updates. If you need to update manually, you’ll see an available update when you get to the Software Update page. On Android, to update your OS, go to Settings > System > System update. To check specifically for security updates, go to Settings > Security > Security Update > Check for Security Update.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team