• Microsoft Excel threats could be a major security risk to your bu

    From TechnologyDaily@1337:1/100 to All on Wed Dec 21 11:15:04 2022
    Microsoft Excel threats could be a major security risk to your business

    Date:
    Wed, 21 Dec 2022 10:58:08 +0000

    Description:
    Macros may be blocked, but crooks always find a way, with Microsoft Excel XLL files the latest issue.

    FULL STORY ======================================================================

    Microsoft may have blocked macros from running by default in its Office suite of programs, but there are workarounds, researchers are saying.

    Several months after the ban was introduced, one specific workaround is
    seeing an uptick in adoption in the cybercriminal community, according to a new report from Cisco Talos.

    The team claims cybercriminals are increasingly using XLL files (as opposed
    to XLS and XLSX) to deliver malicious code to target endpoints.

    Growing in popularity

    XLL files are a type of dynamic link library (DLL) file that can only be opened by Excel, the researchers explain. In other words, with XLL files, Microsoft Excel spreadsheets can take advantage of additional functionality coming from third-party apps.
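Because an XLL is a DLL, attachment or download triage can classify it by content rather than by extension. The following is an added example, not code from the article or the Cisco Talos report: the function names, verdict labels and sample bytes are constructed, and the `xlAuto*` export names come from Microsoft's Excel XLL SDK rather than from the article.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: image is a DLL
# Entry points Excel calls in an add-in, per the Excel XLL SDK (not named in the article).
XLL_EXPORTS = (b"xlAutoOpen", b"xlAutoClose", b"xlAutoAdd")


def pe_characteristics(data):
    """Return the COFF Characteristics field, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # 4-byte signature, then the 20-byte COFF header; Characteristics is its last field.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return characteristics


def triage(filename, data):
    """Classify a file by content first, extension second."""
    named_xll = filename.lower().endswith(".xll")
    chars = pe_characteristics(data)
    is_dll = chars is not None and bool(chars & IMAGE_FILE_DLL)
    # Heuristic: a raw byte search stands in for walking the export directory.
    looks_like_addin = is_dll and any(name in data for name in XLL_EXPORTS)
    if looks_like_addin:
        return "xll-addin" if named_xll else "xll-addin-renamed"
    if named_xll:
        return "xll-name-is-dll" if is_dll else "xll-name-not-pe"
    return "other"


def constructed_pe(dll, tail=b""):
    """Constructed header-only sample (not a loadable image) for the checks below."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    flags = 0x0022 | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff + tail


if __name__ == "__main__":
    samples = {
        "invoice.xll": constructed_pe(True, b"xlAutoOpen\0"),
        "report.xlsx": constructed_pe(True, b"xlAutoOpen\0"),
        "notes.xll": b"just text",
        "helper.dll": constructed_pe(True),
    }
    for name, blob in samples.items():
        print(f"{name:12} -> {triage(name, blob)}")
```
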

    While the weaponization of XLL files is nothing new (the first samples were reported as early as 2017, it was said), these files were rarely used until Microsoft decided to block the running of macros in files downloaded from the internet. Now, since 2021, more malware families have started deploying the alternative solution.

    "For quite some time after [mid-2017], the usage of XLL files is only
    sporadic and it does not increase significantly until the end of 2021, when commodity malware families such as Dridex and Formbook started using it," Vanja Svajcer, outreach researcher for Cisco Talos, noted in the report.

    "Currently a significant number of advanced persistent threat actors and commodity malware families are using XLLs as an infection vector and this number continues to grow."

    Among the groups using XLL files are the Chinese threat actor APT10 (AKA Potassium), which used it to distribute the Anel Backdoor. Then there is Cicada (AKA Stone Panda, TA410), a group that's allegedly loosely tied to
    APT10, as well as DoNot, and Fin7.

    Apparently, the threat actors have been using XLL files to deliver various malware families, such as Warzone RAT, or Ducktail. Businesses are warned to expect an increasing number of such threats going forward.

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-excel-threats-could-be-a-major-security-risk-to-your-business


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)