NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

Microsoft Macros Continue To Deliver Malware

One of the most popular delivery vectors for malware of late? Check out CVE-2017-11882, a patched Microsoft vulnerability that allows hackers to perform arbitrary code execution, ultimately giving them access to your entire network.

Many of the latest attacks have exploited this vulnerability, which Microsoft patched a year ago, to successfully penetrate business networks (note: if you are a Dynamic Edge client, this patch was taken care of a long time ago). Unpatched systems are so widespread that nearly 45% of all ransomware delivered last month got in because businesses failed to apply this one patch.

Macros continue to be a major security problem

Weaponized Microsoft Office documents continue to be delivered via email. As phishing campaigns get more believable, rest assured, criminals are exploiting attachments like never before. While Microsoft Office disables macros by default nowadays, many enterprise systems still have them turned on. So when a user opens an attachment, they might execute code in the background of their computer without ever suspecting there's a problem.
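As an added example (not from the original article and not Dynamic Edge's tooling), the Python below shows one way a mail-triage step can flag Office attachments that carry a VBA macro project before a user opens them. The function names, verdict labels and the sample message are assumptions constructed for illustration; the check looks only for macro parts and says nothing about documents that exploit a vulnerability without using macros.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'no-vba' for one attachment body."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats may carry VBA; confirming needs an OLE parser.
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # OOXML files keep their VBA project in a part named vbaProject.bin,
            # whatever extension the attachment was given.
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "macro"
    except zipfile.BadZipFile:
        pass  # not a ZIP container, so not an OOXML document
    return "no-vba"

def scan_message(raw: bytes) -> list:
    """List (filename, verdict) for every attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(p.get_filename(), classify_attachment(p.get_payload(decode=True) or b""))
            for p in msg.iter_attachments()]

def _ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped ZIP (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed sample e-mail with three attachments."""
    m = EmailMessage()
    m["Subject"] = "Invoice (constructed sample)"
    m.set_content("See attached.")
    for name, body in [("invoice.docx", _ooxml(True)), ("notes.docx", _ooxml(False)),
                       ("old.doc", OLE_MAGIC + b"\x00" * 504)]:
        m.add_attachment(body, maintype="application", subtype="octet-stream",
                         filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{name}: {verdict}")
```

The "legacy-ole" verdict means only that the file is an older binary Office container that could hold macros; a gateway would typically quarantine or convert such files rather than treat them as confirmed macro documents.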

Expert and amateur criminals alike are exploiting systems through macros.

It doesn't matter whether you're a budding cybercriminal learning the ropes or an expert ringleader: macros continue to be a sure-fire way to penetrate networks that are under-protected. All types of malware, from simple bots to ransomware, pop up on networks via macro-based attacks (our forensics teams find this all the time).

Why does this macro vulnerability frustrate me?

As a business owner, I care that my team and clients are safe. When ransomware pops up on a network, in all likelihood, that business or organization is in real jeopardy of closing its doors (in fact, more than half of businesses close within a year of a ransomware attack!).

These macro attacks are really frustrating to me from a cybersecurity standpoint because they are all nearly completely avoidable. Businesses are neglecting to apply preventative steps to keep their networks virtually risk-free from ransomware and cyberattacks.

And frankly, I hate having to clean up messes when they could have been avoided. While we do make money from cyber incidents, I hate getting new clients from remediating ransomware events. Plain and simple. I'd much rather publish public service announcements and make phone calls warning you of events than have to clean one up after the fact. It's simply no fun to see businesses in pain, to the point that it brings some staff on the affected team to tears. I'd much rather you take the precautions to prevent an event than live through an attack.

The takeaway? The majority of attacks hitting businesses today are completely avoidable. That is, if your IT Support is doing their due diligence in maintaining and monitoring your network (keeping you from being low-hanging fruit). The sad truth is that businesses are failing at even these basics, staff are undertrained to deal with scams, and networks have open doors for attacks.

Need a second opinion on your network security? Contact us for a free security vulnerability assessment.

 
