Tag Archive for: Blocking

Blocking Macros Is Only the First Step in Defeating Malware


  • Microsoft’s decision to block macros will rob threat actors of this popular means for distributing malware.
  • However, researchers note that cybercriminals have already changed tack and significantly reduced their use of macros in recent malware campaigns.
  • Blocking macros is a step in the right direction, but at the end of the day, people need to be more vigilant to avoid getting infected, suggest experts.


While Microsoft took its own sweet time deciding to block macros by default in Microsoft Office, threat actors were quick to work around this limitation and devise new attack vectors.


According to new research by security vendor Proofpoint, macros are no longer the favorite means of distributing malware. The use of common macros decreased by approximately 66% between October 2021 and June 2022. On the other hand, the use of ISO files (a disc image) registered an increase of over 150%, while the use of LNK (Windows File Shortcut) files increased a staggering 1,675% in the same timeframe. These file types can bypass Microsoft’s macro blocking protections.


“Threat actors pivoting away from directly distributing macro-based attachments in email represents a significant shift in the threat landscape,” Sherrod DeGrippo, Vice President, Threat Research and Detection at Proofpoint, said in a press release. “Threat actors are now adopting new tactics to deliver malware, and the increased use of files such as ISO, LNK, and RAR is expected to continue.”



Moving With the Times

In an email exchange with Lifewire, Harman Singh, Director at cybersecurity service provider Cyphere, described macros as small programs that can be used to automate tasks in Microsoft Office, with XL4 and VBA macros being the most commonly used macros by Office users. 


From a cybercrime perspective, Singh said threat actors can use macros for some pretty nasty attack campaigns. For instance, macros can execute malicious lines of code on a victim’s computer with the same privileges as the logged-in person. Threat actors can abuse this access to exfiltrate data from a compromised computer or to even grab additional malicious content from the malware’s servers to pull in even more…


Microsoft upgrades Office security by blocking VBA macros by default


There’s been a bit of back and forth since the change was originally announced, but this week Microsoft started rolling out an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents.

Last month, Microsoft was testing the new default setting when it suddenly rolled back the update, “temporarily while we make some additional changes to enhance usability.” Despite saying it was temporary, many experts worried that Microsoft might not go through with changing the default setting, leaving systems vulnerable to attacks. Google Threat Analysis Group leader Shane Huntley tweeted, “Blocking Office macros would do infinitely more to actually defend against real threats than all the threat intel blog posts.”

Now the new default setting is rolling out, but with updated language to alert users and administrators to the options they have when they try to open a file and it’s blocked. This only applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or site that admins have marked as safe, and it isn’t changing anything on other platforms like Mac, Office on Android / iOS, or Office on the web.

Microsoft:

We’re resuming the rollout of this change in Current Channel. Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios. For example, what to do if you have files on SharePoint or files on a network share. Please refer to the following documentation:

• For end users, A potentially dangerous macro has been blocked

• For IT admins, Macros from the internet will be blocked by default in Office

If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change.

While some people use the scripts to automate tasks, hackers have abused the feature with malicious macros for years, tricking people into downloading a file and running it to compromise their systems. Microsoft noted how administrators could use Group Policy settings in…


FEC says Twitter acted legally in blocking Hunter Biden laptop stories, pointing to claim of intel warnings about hacking


The Federal Elections Commission said on Wednesday its members unanimously rejected complaints from the Republican National Committee and others that Twitter’s decision to block the sharing of links to articles from the New York Post related to Hunter Biden’s laptop constituted an illegal contribution to now-President Joe Biden’s candidacy.

In announcing the decision, the FEC pointed to Twitter’s assertion that part of the reason it stopped the spread of the New York Post articles in October was over concerns that foreign actors obtained the salacious materials through hacking. The social media giant claimed the U.S. Intelligence Community was warning about such an effort in the lead-up to the 2020 election. No evidence has emerged that the Hunter Biden laptop story stemmed from a foreign hacking operation.

The FEC said there was a 6-0 vote in finding “no reason to believe” that Twitter violated the law “by making corporate in-kind contributions” and “no reason to believe” that Twitter CEO Jack Dorsey or Brandon Borrman, who was Twitter vice president of global communications, broke the law.

In response to reporting on the decision published on Monday, RNC spokeswoman Emma Vaughn said the group was “weighing its options for appealing this disappointing decision from the FEC.”

An October complaint from the RNC alleged: “Through its ad hoc, partisan oppression of media critical of Biden, [Twitter] is making illegal, corporate in-kind contributions as it provides unheard-of media services for Joe Biden’s campaign.” The RNC argued at the time that Twitter was “doing so for the clear purpose of supporting the Biden campaign.”

Robert Kelner, a lawyer who had represented retired Lt. Gen. Mike Flynn before Sidney Powell took over his representation, helped represent Twitter in the FEC complaint, writing in December that “Twitter undertook, for bona fide commercial reasons” actions to block potentially hacked content.

A lengthy statement from Yoel Roth, head of site integrity for Twitter, was included in Kelner’s response.

“Since 2018, I have…


Hacking Servers. Online Blocking. Police Raids. Information Attacks. What Won’t The Kremlin Do To Stop ‘Smart Voting’?


Here’s the main reason why Aleksei Navalny has become such a potent political force and a threat to the Kremlin: his splashy exposés documenting corruption and ostentatious spending by government officials, usually accompanied by his acerbic wit.

But there’s another, equally potent reason: his Smart Voting campaign, an effort that aims to loosen the chokehold the Kremlin-allied United Russia political party has on elected legislatures nationwide.

And that’s why, with just weeks to go before nationwide elections to choose a new lower house of parliament, authorities have stepped up a crackdown on anything connected to Smart Voting.

“They are definitely fighting against Smart Voting,” Abbas Gallyamov, a Moscow-based political analyst, told Current Time, the Russian-language network run by RFE/RL in cooperation with VOA.

“We can’t forget that Smart Voting is the most dangerous of all of Navalny’s projects, at least at the present moment,” he said.

Smart Voting Goes High-Tech

The September 17-19 elections are crucial not only for cementing United Russia’s grip on the country’s political life. They’re also key to any constitutional maneuvering that the Kremlin might undertake in the run-up to the 2024 presidential election, when President Vladimir Putin may seek a fifth term.

The problem for the Kremlin is that, at least since last year, polling for United Russia has been at historic lows.

The opposition, headed by Navalny, has shown unprecedented effectiveness — using the Smart Voting tactic to secure victories for hundreds of opposition candidates in local elections across the country in 2018, 2019, and 2020.

In past years, the effort was more of a traditional word-of-mouth and public-relations campaign promoted by Navalny and his allies through their networks.

Russian opposition leader Aleksei Navalny -- who has been jailed in a notorious prison east of Moscow since February -- is seen on a screen via a video link during a court hearing in Moscow in June.


This year, with the national Duma elections looming, Smart Voting has gone high-tech, with a downloadable app launched on August 24 that identifies in every single race the candidate most likely to defeat…
