Weekly Tech Tidbit – Easily Block Microsoft Office Document Infection On Your Network

April 12th, 2019
Weekly Tech Tidbit – Easily Block Microsoft Office Document Infection On Your Network

I have been watching the Cisco AMP and Paladin CyberSentinel Managed Endpoint Detect & Respond consoles for a number of clients of late.  One thing is extremely apparent.

Your administrators are under constant attack from emails with fake invoices, as well as Microsoft Word and Excel documents - all of which are infected.

The hope is that they will catch your staff in a moment of weakness clicking on a bogus attachment.   For PDFs keeping your Adobe Reader at current page levels is vitally important.   My thoughts on how to do that is a different post for another week.

However, this week my concern is killing these Microsoft Office Macro viruses.

More and more the bad guys are "living off the land".  By that I mean they are using the built-in tools on the network against us to do bad things to us vs. "infecting" you with malware.   This is one of the major reasons that traditional antivirus is failing and no longer adequate.    How do you see a fileless, malevelent transaction?   That is where you have to up your game and replace traditional antivirus with products such as our Paladin CyberSentinel Managed EndPoint Detect & Respond service.

But even before that we can within a few minutes shut down these Microsoft Office macro attacks against your users.

Microsoft Office 2016 has a group policy which allows you to force Microsoft Office macros to be disabled.   You can also make it prompt for running.   You should train your users to never say yes to running macros in Microsoft Office that they haven't been trained to use.

I can turn off the macros and functionally kill this specific style attack from even launching.   It doesn't solve everything, but it is free and take out a major attack vector against your users.

Remember this only happens if you are at Microsoft Office 2016 or higher.   If you are not there, upgrade to get there ASAP.  If you need help turning on that block macros setting, let us know.