What are macros and how are they being used to hack into your system

What is a macro virus?

A macro, fundamentally, is an action or set of actions that can be run repeatedly. Macros are widely used in Microsoft applications such as Excel and Word to record mouse clicks and keystrokes and so automate tasks. Hackers turn macros into viruses by embedding malicious scripts that can harm your system.

Can macros be used to hack people?

Yes. Hackers around the world use macros to break into systems by baiting humans, who are the weakest security link.

How do hackers exploit macros to infect your system?  

Hackers create documents using the macro function in Microsoft documents such as Excel and Word. They embed malicious code or script in the document and send it to people in various organizations from email addresses created to mimic internal ones. When the recipient tries to open the document, a prompt offers the option to ‘Enable Macro’. If the user thinks the source is trustworthy and enables the macro, the script hidden in the file downloads an open source virus from the internet and infects the user’s system with it.
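A mail gateway or help desk can spot such attachments before anyone reaches the ‘Enable Macro’ prompt. The following is an added example, not code from the original article: the function names and the hold/deliver policy are assumptions, and the sample files are constructed placeholders rather than real documents.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")

def classify_attachment(data: bytes) -> str:
    """Classify an Office attachment as 'macro', 'legacy-ole' or 'no-macro'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold macros; ruling them out needs an OLE parser.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as archive:
            names = [n.lower() for n in archive.namelist()]
        # Modern Office files keep the VBA project in <app>/vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
    return "no-macro"

def triage(filename: str, data: bytes) -> str:
    """Hypothetical gateway policy built on classify_attachment()."""
    kind = classify_attachment(data)
    if kind == "macro" and filename.lower().endswith(MACRO_FREE_EXT):
        return "hold: macro hidden behind a macro-free extension"
    if kind != "no-macro":
        return "hold: verify the sender before enabling macros"
    return "deliver"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("report.docx", build_sample(False)),
               ("invoice.docm", build_sample(True)),
               ("timesheet.docx", build_sample(True)),
               ("old.doc", OLE_MAGIC + b"\x00" * 16)]
    for name, blob in samples:
        print(f"{name}: {triage(name, blob)}")
```

A "hold" result here means only that the file carries, or may carry, a macro; it does not say whether the macro is malicious.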

Why are macro-based virus attacks on the rise?

We have entered the era of automation. People are automating mundane tasks to save time. Most organisations have internal files that are used to track daily activities, and macros help them complete the work faster. Hackers use this as an opportunity to exploit people who are not educated about security.

Why does your anti-malware not detect macro-based viruses?

Macros are legitimate functionality in Microsoft documents, which makes it difficult for anti-virus software to detect malicious ones accurately. In a recent security breach, macros were used to infect the impenetrable Mac OS systems. After an audit, it was found that only 4 anti-virus (AV) engines were able to flag it as malicious.

What is the practical solution to avoid macro-based attacks? 

Think Secure Security Education (TSSE) is designed to ensure that you and your staff are aware of the latest security threats. We use the Hollywood style storytelling platform to deeply engage your staff and educate them about the latest security breaches. Each episode is animated, 3-4 mins long and has quizzes towards the end.

HOW IT REALLY HAPPENED: NINJIO SEASON 3, EPISODE 5, THE MACRO TROJAN TAKEDOWN

In NINJIO’s Season 3, Episode 5, a routine day at air traffic control turns dangerous when the system begins to glitch. Macro-based malware made it into the organization’s system, rendering their equipment useless. The result could put innocent lives at stake. Whenever an email is received with an attachment containing macros, it’s a best practice to verify who sent the file and whether or not it should be trusted.

Macros in the news

Tripwire looks at the malware called BlackEnergy and its attempts to shut down an airport in Ukraine.

This Spiceworks article dives into the dangers of bypassing the IT department or specialists within an organization.

It’s a Wild, Wild Word: New Macro Malware Now Infecting Both Windows and Mac OS

Security Intelligence looks at the dangers of macro-based malware as it begins to hit more operating systems.

The University of Tulsa looks at causes of breaches and hacks, focusing on the importance of emphasizing an organizational commitment to security awareness.

Azriel Dsouza
